Commit bdd2b7e

[auditd_manager] Add audit rule files option to auditd_manager (#4905)
* Add audit rule files option to auditd_manager
* Add PR number
* Add constraints in template
1 parent 963863c commit bdd2b7e

4 files changed

+24
-2
lines changed

packages/auditd_manager/changelog.yml

Lines changed: 5 additions & 0 deletions
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "1.5.0"
3+
changes:
4+
- description: Add audit rule files option.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/4905
27
- version: "1.4.0"
38
changes:
49
- description: Update package to ECS 8.5.0.
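
Review bot: the new 1.5.0 entry's description, "Add audit rule files option.", leaves out the other user-visible change in this commit: `audit_rules` goes from `required: true` to `required: false` in the data stream manifest. Mention that in the description so operators reading the changelog know the field can now be left empty.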

packages/auditd_manager/data_stream/auditd/agent/stream/auditd.yml.hbs

Lines changed: 8 additions & 0 deletions
@@ -11,7 +11,15 @@ immutable: {{immutable}}
1111
{{/if}}
1212
resolve_ids: {{resolve_ids}}
1313
failure_mode: {{failure_mode}}
14+
{{#if audit_rules}}
1415
audit_rules: {{escape_string audit_rules}}
16+
{{/if}}
17+
{{#if audit_rule_files.length}}
18+
audit_rule_files:
19+
{{#each audit_rule_files as |file i|}}
20+
- {{file}}
21+
{{/each}}
22+
{{/if}}
1523
backlog_limit: {{backlog_limit}}
1624
rate_limit: {{rate_limit}}
1725
include_warnings: {{include_warnings}}
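
Review bot: `- {{file}}` in the new `audit_rule_files` loop writes each path into the rendered YAML unquoted, while `audit_rules` directly above it goes through `escape_string`. Wildcards are documented as supported, so a value that begins with `*`, or one containing `#` or `: `, would change how the generated config parses; consider `- {{escape_string file}}`. The block parameter `i` in `as |file i|` is unused and can be dropped.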

packages/auditd_manager/data_stream/auditd/manifest.yml

Lines changed: 10 additions & 1 deletion
@@ -65,7 +65,7 @@ streams:
6565
- name: audit_rules
6666
type: textarea
6767
title: Audit rules
68-
required: true
68+
required: false
6969
show_user: true
7070
description: |
7171
List of the audit rules that should be
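Review bot: with `required: false` on `audit_rules`, and the new `audit_rule_files` variable also declared `required: false`, a policy can be saved with no rule source at all and the integration would run without any audit rules. Either say in the description that at least one of the two fields should be set, or document what an empty rule set means for collection.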
@@ -74,6 +74,15 @@ streams:
7474
used by the Linux `auditctl` utility. `elastic-agent` supports adding file watches
7575
(`-w`) and syscall rules (`-a` or `-A`). For more information,
7676
see the integration detail page.
77+
- name: audit_rule_files
78+
type: text
79+
title: Audit rule files
80+
required: false
81+
show_user: true
82+
description: |
83+
A list of files to load audit rules from. This files are loaded after the rules
84+
declared in `Audit rules` are loaded. Wildcards are supported and will expand in
85+
lexicographical order. The format is the same as that of the `Audit rules` field.
7786
- name: preserve_original_event
7887
required: true
7988
show_user: true
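
Review bot: `audit_rule_files` is declared `type: text` with no `multi: true` in the added lines, yet the description calls it "A list of files" and the template tests `audit_rule_files.length` and iterates it with `{{#each audit_rule_files as |file i|}}`. Add `multi: true` so the value reaches the template as a list. In the description, "This files are loaded" should read "These files are loaded".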

packages/auditd_manager/manifest.yml

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
format_version: 1.0.0
22
name: auditd_manager
33
title: "Auditd Manager"
4-
version: "1.4.0"
4+
version: "1.5.0"
55
release: ga
66
license: basic
77
description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
