This repository has been archived by the owner on Jun 30, 2021. It is now read-only.
audit.rules.prev #38
Comments
|
I suspect you're getting the same error I am: I noticed that in audtid::rule, the rule fragment target is coded to $auditd::params::rules_file instead of to $auditd::rules_file, so if you specify any value besides the default for $rules_file, it won't be able to find a concat for rules. This is because it's trying to use the default value for $rules_file on the fragments and the value you specified for the concat. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi I only get at audit.rules.prev , in /etc/audit , and it doesn't load it
os debian 9
I have tried with
rules_file =>'/etc/audit/rules.d/puppet.rules' ,
manage_audit_files => true
then i get get a concat warning
/Stage[main]/Auditd/Auditd::Rule[watch for changes to passwd file]/Concat::Fragment[auditd_fragment_watch for changes to passwd file]/Concat_fragment[auditd_fragment_watch for changes to passwd file]: Target Concat_file with path or title '/etc/audit/audit.rules' or tag '_etc_audit_audit.rules not found in the catalog
class { 'auditd':
log_file => '/var/log/audit.log',
rules => {
'watch for changes to passwd file' => {
content => '-w /etc/passwd -p wa -k identity',
order => 1,
},
}
}
}
The text was updated successfully, but these errors were encountered: