Forge Home

aide

A puppet module for installing and configuring aide

12,988 downloads

7,532 latest version

3.5 quality score

Version information

  • 1.1.2 (latest)
  • 1.1.1
  • 1.1.0
  • 1.0.0
released Jan 5th 2017

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'mklauber-aide', '1.1.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add mklauber-aide
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install mklauber-aide --version 1.1.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: aide

Documentation

mklauber/aide — version 1.1.2 Jan 5th 2017

mklauber-aide

Build Status: Build Status

mklauber/aide is a puppet module for managing Aide (Advanced Intrustion Detection Environment). It allows you to define Rules and File/folder watches via defined types. Refer to the Aide manual for details about Aide configuration options.

Examples

Watch permissions of all files on filesystem

The simplest use of mklauber/aide is to place a watch on the root directory, as follows.

aide::watch { 'example':
  path  => '/',
  rules => 'p'
}

This example adds the line / R which watches the permissions of all files on the operating system. Obviously, this is a simplistic, non useful solution.

Watch permissions and md5sums of all files in /etc

aide::watch { 'example':
  path  => '/etc',
  rules => 'p+md5'
}

This example adds the line /etc p+md5 which watches /etc with both permissions and md5sums. This could also be implemented as follows.

aide::watch { 'example':
  path  => '/etc',
  rules => ['p', 'md5']
}

Create a common rule for watching multiple directories

Sometimes you wish to use the same rule to watch multiple directories, and in keeping with the Don't Repeat Yourself(DRY) viewpoint, we should create a common name for the rule. This can be done via the aide::rule stanza.

aide::rule { 'MyRule':
  name  => 'MyRule',
  rules => ['p', 'md5']
}
aide::watch { '/etc':
  path  => '/etc',
  rules => 'MyRule'
}
aide::watch { 'otherApp':
  path  => '/path/to/other/config/dir',
  rules => 'MyRule'
}

Here we are defining a rule in called MyRule which will add the line MyRule = p+md5. The next two stanzas can reference that rule. They will show up as /etc MyRule and /path/to/other/config/dir MyRule.

Create a rule to exlude directories

aide::watch { '/var/log':
  path => '/etc',
  type => 'exclude' 
}

This with ignore all files under /var/log. It adds the line !/var/log to the config file.

Create a rule to specify only specific files

aide::watch { '/var/log/messages':
  path => '/etc',
  type => 'equals',
  rules => 'MyRule'
}

This with watch only the file /var/log/messages. It will ignore /var/log/messages/thingie. It adds the line =/var/log/messages MyRule to the config file.