Add variable to set name_format for auditd #810

Merged
merged 1 commit into from
Oct 22, 2024

Contributor

@schurzi schurzi commented Oct 21, 2024

resolves #796

Contributor Author

schurzi commented Oct 21, 2024

@rndmh3ro WDYT? It makes sense to open up that configuration to better manage logs. Excerpt from the man page:

   name_format
          This option controls how computer node names  are  inserted  into  the  audit  event
          stream.  It has the following choices: none, hostname, fqd, numeric, and user.  None
          means that no computer name is inserted into the audit event.  hostname is the  name
          returned  by  the  gethostname syscall. The fqd means that it takes the hostname and
          resolves it with dns for a fully qualified domain name of that machine.  Numeric  is
          similar  to  fqd  except  it resolves the IP address of the machine. In order to use
          this option, you might want to test that 'hostname -i' or 'domainname -i' returns  a
          numeric  address.  Also,  this option is not recommended if dhcp is used because you
          could have different addresses over time for the same machine.   User  is  an  admin
          defined string from the name option. The default value is none.
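
An added example, not part of the pull request or the project's code: a shell lint that reads an auditd.conf-style file and checks `name_format` against the choices listed in the man page excerpt above, including that `user` needs the `name` option to be set. The function names, return codes and sample file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the PR): lint name_format in an auditd.conf-style file.

# Print the value of KEY ($2) from FILE ($1): "key = value" lines, '#' comments.
# Assumption of this sketch: keys are case-insensitive and the last one wins.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        NF >= 2 {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == k) {
                val = $0; sub(/^[^=]*=/, "", val)
                gsub(/^[ \t]+|[ \t]+$/, "", val); found = val
            }
        }
        END { print found }' "$1"
}

# Return 0 = node name is recorded, 1 = worth a second look, 2 = misconfigured.
check_name_format() {
    local fmt name
    fmt=$(conf_get "$1" name_format | tr '[:upper:]' '[:lower:]')
    name=$(conf_get "$1" name)
    case "${fmt:-none}" in          # man page: the default value is none
        hostname|fqd) echo "OK: name_format=$fmt"; return 0 ;;
        none)    echo "NOTE: name_format=none, events carry no node name"; return 1 ;;
        numeric) echo "NOTE: name_format=numeric, not recommended with DHCP"; return 1 ;;
        user)
            if [ -z "$name" ]; then
                echo "FAIL: name_format=user but 'name' is not set"; return 2
            fi
            echo "OK: name_format=user, name=$name"; return 0 ;;
        *)       echo "FAIL: unknown name_format '$fmt'"; return 2 ;;
    esac
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'log_format = ENRICHED' \
    'name_format = USER' '#name = commented-out' > "$sample"
check_name_format "$sample" || echo "exit status: $?"
rm -f "$sample"
```

Run against a rendered configuration, a non-zero status can gate a deployment check before the file reaches hosts that forward audit events to a central collector.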

Member

@rndmh3ro rndmh3ro left a comment

The change itself is great, approved!

In some future I'd like to remove the whole audit-stuff though - it does not really harden anything..

@schurzi schurzi merged commit 5d95dc7 into master Oct 22, 2024
33 checks passed
@schurzi schurzi deleted the audit_name branch October 22, 2024 06:47
Contributor Author

schurzi commented Oct 22, 2024

I already have a person in our team who has volunteered to add an audit role. My plan is to extract all audit-related stuff in an extra role and also add some helpful base config.

Successfully merging this pull request may close these issues.

Allow configuring the name_format variable in auditd config