Skip to content

auditd job from os-conf/22.2.0

Github source: 651b73b or master branch

Properties

pre_start_delay

The number of seconds to delay running the pre-start script. This can be used, for example, to avoid a race condition with other pre-start scripts, such as IPsec’s, that can prevent auditd From starting

Default
0
Example
30

rules

Array of auditd rules to add. Note that this job does not update rules after rules are installed for the first time. Removal of a job does not remove rules. For new rules to be applied you must force VM recreation. This behaviour is due to auditd going into its immutable state.

Default
[]
Example
- -a always,exit -F perm=x -F auid>=500 -F auid!=4294967295 -F path=/usr/bin/who -k
  privileged

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/auditd/ directory (learn more).

  • bin/pre-start (from pre-start)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

This job relies on no runtime packages.