epiphany icon indicating copy to clipboard operation
epiphany copied to clipboard

Published 20 hours ago verified publisher icon hitachienergy

[FEATURE REQUEST] Allow auditd rules to be configurable for Filebeat

Open toszo opened this issue 5 years ago • 2 comments

Is your feature request related to a problem? Please describe. Currently auditd rules for Filebeat or not configurable.

Describe the solution you'd like Allow auditd rules to be configurable for Filebeat

Describe alternatives you've considered None

Additional context https://github.com/epiphany-platform/epiphany/blob/develop/ansible/playbooks/roles/filebeat/templates/audit-epi.rules.j2

DoD checklist

  • Changelog
    • [ ] updated
    • [ ] not needed
  • COMPONENTS.md
    • [ ] updated
    • [ ] not needed
  • Schema
    • [ ] updated
    • [ ] not needed
  • Backport tasks
    • [ ] created
    • [ ] not needed
  • Documentation
    • [ ] added
    • [ ] updated
    • [ ] not needed
  • [ ] Feature has automated tests
  • [ ] Automated tests passed (QA pipelines)
    • [ ] apply
    • [ ] upgrade
    • [ ] backup/restore
  • [ ] Idempotency tested
  • [ ] All conversations in PR resolved
  • [ ] Solution meets requirements and is done according to design doc
  • [ ] Usage compliant with license

toszo avatar Jan 16 '20 15:01 toszo

@rafzei and @to-bar please have look here if that is not already implemented.

mkyc avatar Oct 23 '20 16:10 mkyc

@rafzei and @to-bar please have look here if that is not already implemented.

Still valid. Audit rules are hard-coded in audit-epi.rules.j2. The /var/log/audit/audit.log path is commented out (see comment) but Filebeat's module auditd is enabled.

to-bar avatar Oct 27 '20 14:10 to-bar

Not going todo anymore feature requests for Epiphany.

seriva avatar Nov 16 '22 12:11 seriva