Skip to content

auditd job from os-conf/20

Github source: a395af3 or master branch

Properties

rules

Array of auditd rules to add. Note that this job does not update rules after rules are installed for the first time. Removal of a job does not remove rules. For new rules to be applied you must force VM recreation. This behaviour is due to auditd going into its immutable state.

Default
[]
Example
- -a always,exit -F perm=x -F auid>=500 -F auid!=4294967295 -F path=/usr/bin/who -k
  privileged

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/auditd/ directory (learn more).

  • bin/pre-start (from pre-start)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

This job relies on no runtime packages.