kemra102 · samjmarshall · Jul 19, 2019 · Jul 19, 2019 · Jul 19, 2019 · Dec 30, 2019
diff --git a/.gitignore b/.gitignore
@@ -18,6 +18,7 @@ tags
 pkg
 
 ## testing
+.bundle/
 Gemfile.lock
 spec/fixtures
 

diff --git a/Gemfile b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
+puppetversion = ENV.key?('PUPPET_GEM_VERSION') ? ENV['PUPPET_GEM_VERSION'] : '>= 3.3'
 gem 'puppet', puppetversion
 gem 'puppetlabs_spec_helper', '>= 0.1.0'
 gem 'puppet-lint', '>= 0.3.2'

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -509,7 +509,7 @@
   }
 
   # If a hash of rules is supplied with class then call auditd::rules defined type to apply them
-  $rules.each |$key,$opts| { 
+  $rules.each |$key,$opts| {
     auditd::rule { $key:
       * => pick($opts,{}),
     }

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -8,19 +8,43 @@
       $manage_audit_files = false
       $rules_file         = '/etc/audit/rules.d/audit.rules'
 
-      case $::lsbmajdistrelease {
-        '8': {
-          $service_restart = '/bin/systemctl restart auditd'
-          $service_stop    = '/bin/systemctl stop auditd'
+      case $::operatingsystem {
+        'Ubuntu': {
+          if versioncmp($::operatingsystemrelease, '18.04') >= 0 {
+            $flush = 'incremental_async'
+          } else {
+            $flush = 'incremental'
+          }
+
+          if versioncmp($::operatingsystemrelease, '16.04') >= 0 {
+            $service_restart = '/bin/systemctl restart auditd'
+            $service_stop    = '/bin/systemctl stop auditd'
+          } else {
+            $service_restart = '/etc/init.d/auditd restart'
+            $service_stop    = '/etc/init.d/auditd stop'
+          }
         }
         default: {
-          $service_restart = '/etc/init.d/auditd restart'
-          $service_stop    = '/etc/init.d/auditd stop'
+          if versioncmp($::operatingsystemrelease, '10') >= 0 {
+            $flush = 'incremental_async'
+          } else {
+            $flush = 'incremental'
+          }
+
+          if versioncmp($::operatingsystemrelease, '8') >= 0 {
+            $service_restart = '/bin/systemctl restart auditd'
+            $service_stop    = '/bin/systemctl stop auditd'
+          } else {
+            $service_restart = '/etc/init.d/auditd restart'
+            $service_stop    = '/etc/init.d/auditd stop'
+          }
         }
       }
     }
     'Suse': {
-      $package_name       = 'audit'
+      $package_name = 'audit'
+      $flush        = 'incremental'
+
       if versioncmp($::operatingsystemrelease, '12') >= 0 and $::operatingsystem == 'SLES' {
         $audisp_package     = 'audit-audispd-plugins'
         $manage_audit_files = true
@@ -42,10 +66,12 @@
       $manage_audit_files = true
 
       if $::operatingsystem != 'Amazon' and versioncmp($::operatingsystemrelease, '7') >= 0 {
+        $flush           = 'incremental_async'
         $rules_file      = '/etc/audit/rules.d/puppet.rules'
         $service_restart = '/usr/libexec/initscripts/legacy-actions/auditd/restart'
         $service_stop    = '/usr/libexec/initscripts/legacy-actions/auditd/stop'
       } else {
+        $flush           = 'incremental'
         $rules_file      = '/etc/audit/audit.rules'
         $service_restart = '/etc/init.d/auditd restart'
         $service_stop    = '/etc/init.d/auditd stop'
@@ -54,6 +80,7 @@
     'Archlinux': {
       $package_name       = 'audit'
       $audisp_package     = 'audit'
+      $flush              = 'incremental'
       $manage_audit_files = false
       $rules_file         = '/etc/audit/audit.rules'
       $service_restart    = '/usr/bin/kill -s SIGHUP $(cat /var/run/auditd.pid)'
@@ -62,6 +89,7 @@
     'Gentoo': {
       $package_name       = 'audit'
       $audisp_package     = 'audit'
+      $flush              = 'incremental'
       $manage_audit_files = false
       $rules_file         = '/etc/audit/audit.rules'
       $service_restart    = '/etc/init.d/auditd restart'
@@ -78,7 +106,6 @@
   $log_group               = 'root'
   $write_logs              = undef
   $priority_boost          = '4'
-  $flush                   = 'incremental_async'
   $freq                    = '20'
   $num_logs                = '5'
   $disp_qos                = 'lossy'

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -37,6 +37,7 @@
         'restart'   => '/usr/libexec/initscripts/legacy-actions/auditd/restart',
         'stop'      => '/usr/libexec/initscripts/legacy-actions/auditd/stop',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental_async$/)
     }
   end
   context 'default parameters on RedHat 6' do
@@ -51,6 +52,7 @@
         'restart' => '/etc/init.d/auditd restart',
         'stop'    => '/etc/init.d/auditd stop',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
     }
   end
   context 'default parameters on Amazon Linux' do
@@ -65,36 +67,87 @@
         'restart' => '/etc/init.d/auditd restart',
         'stop'    => '/etc/init.d/auditd stop',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
     }
   end
   context 'default parameters on Debian 8' do
     let (:facts) {{
-      :osfamily          => 'Debian',
-      :operatingsystem   => 'Debian',
-      :lsbmajdistrelease => '8',
-      :concat_basedir    => '/var/lib/puppet/concat',
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Debian',
+      :operatingsystemrelease => '8',
+      :concat_basedir         => '/var/lib/puppet/concat',
+    }}
+    it {
+      should contain_package('auditd').with_name('auditd')
+      should contain_service('auditd').with({
+        'restart' => '/bin/systemctl restart auditd',
+        'stop'    => '/bin/systemctl stop auditd',
+      })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
+    }
+  end
+  context 'default parameters on Debian 10' do
+    let (:facts) {{
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Debian',
+      :operatingsystemrelease => '10',
+      :concat_basedir         => '/var/lib/puppet/concat',
     }}
     it {
       should contain_package('auditd').with_name('auditd')
       should contain_service('auditd').with({
         'restart' => '/bin/systemctl restart auditd',
         'stop'    => '/bin/systemctl stop auditd',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental_async$/)
     }
   end
   context 'default parameteres on Ubuntu 14.04' do
     let (:facts) {{
-      :osfamily          => 'Debian',
-      :operatingsystem   => 'Ubuntu',
-      :lsbmajdistrelease => '14.04',
-      :concat_basedir    => '/var/lib/puppet/concat',
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Ubuntu',
+      :operatingsystemrelease => '14.04',
+      :concat_basedir         => '/var/lib/puppet/concat',
     }}
     it {
       should contain_package('auditd').with_name('auditd')
       should contain_service('auditd').with({
         'restart' => '/etc/init.d/auditd restart',
         'stop'    => '/etc/init.d/auditd stop',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
+    }
+  end
+  context 'default parameteres on Ubuntu 16.04' do
+    let (:facts) {{
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Ubuntu',
+      :operatingsystemrelease => '16.04',
+      :concat_basedir         => '/var/lib/puppet/concat',
+    }}
+    it {
+      should contain_package('auditd').with_name('auditd')
+      should contain_service('auditd').with({
+        'restart' => '/bin/systemctl restart auditd',
+        'stop'    => '/bin/systemctl stop auditd',
+      })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
+    }
+  end
+  context 'default parameteres on Ubuntu 18.04' do
+    let (:facts) {{
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Ubuntu',
+      :operatingsystemrelease => '18.04',
+      :concat_basedir         => '/var/lib/puppet/concat',
+    }}
+    it {
+      should contain_package('auditd').with_name('auditd')
+      should contain_service('auditd').with({
+        'restart' => '/bin/systemctl restart auditd',
+        'stop'    => '/bin/systemctl stop auditd',
+      })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental_async$/)
     }
   end
   context 'default parameters on Archlinux' do
@@ -109,6 +162,7 @@
         'restart' => '/usr/bin/kill -s SIGHUP $(cat /var/run/auditd.pid)',
         'stop'    => '/usr/bin/kill -s SIGTERM $(cat /var/run/auditd.pid)',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
     }
   end
   context 'default parameters on Gentoo' do
@@ -123,6 +177,7 @@
         'restart' => '/etc/init.d/auditd restart',
         'stop'    => '/etc/init.d/auditd stop',
       })
+      should contain_file('/etc/audit/auditd.conf').with_content(/^flush = incremental$/)
     }
   end
   context 'auditd.conf is well-formed' do