(#187) Added rhel9 hieradata (#188)

Fixes #187
simp · Aug 17, 2023 · 8fab718 · 8fab718
1 parent c97c184
commit 8fab718
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 1 deletion.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,6 @@
+* Thu Aug 17 2023 Mike Riddle <mike@sicura.us> - 8.10.1
+- Add RHEL 9 hieradata
+
 * Wed Jul 12 2023 Chris Tessmer <chris.tessmer@onyxpoint.com> - 8.10.0
 - Add RockyLinux 8 support
 

diff --git a/data/os/RedHat-9.yaml b/data/os/RedHat-9.yaml
@@ -0,0 +1,57 @@
+---
+#  Default to auditd version 3 settings
+auditd::plugin_dir: '/etc/audit/plugins.d'
+auditd::config::audisp::syslog::type: 'always'
+auditd::config::audisp::syslog::syslog_path: '/sbin/audisp-syslog'
+auditd::config::audisp::syslog::pkg_name: 'audispd-plugins'
+
+auditd::config::audit_profiles::stig::default_suid_sgid_cmds:
+  - "/usr/bin/at"
+  - "/usr/bin/chage"
+  - "/usr/bin/chcon"
+  - "/usr/bin/chfn"
+  - "/usr/bin/chsh"
+  - "/usr/bin/crontab"
+  - "/usr/bin/fusermount"
+  - "/usr/bin/gpasswd"
+  - "/usr/bin/incrontab"
+  - "/usr/bin/ksu"
+  - "/usr/bin/locate"
+  - "/usr/bin/mount"
+  - "/usr/bin/newgidmap"
+  - "/usr/bin/newgrp"
+  - "/usr/bin/newuidmap"
+  - "/usr/bin/passwd"
+  - "/usr/bin/pkexec"
+  - "/usr/bin/screen"
+  - "/usr/bin/ssh-agent"
+  - "/usr/bin/su"
+  - "/usr/bin/sudo"
+  - "/usr/bin/sudoedit"
+  - "/usr/bin/umount"
+  - "/usr/bin/wall"
+  - "/usr/bin/write"
+  - "/usr/bin/Xorg"
+  - "/usr/lib64/dbus-1/dbus-daemon-launch-helper"
+  - "/usr/libexec/dbus-1/dbus-daemon-launch-helper"
+  - "/usr/libexec/openssh/ssh-keysign"
+  - "/usr/libexec/pt_chown"
+  - "/usr/libexec/sssd/krb5_child"
+  - "/usr/libexec/sssd/ldap_child"
+  - "/usr/libexec/sssd/proxy_child"
+  - "/usr/libexec/sssd/selinux_child"
+  - "/usr/libexec/utempter/utempter"
+  - "/usr/lib/polkit-1/polkit-agent-helper-1"
+  - "/usr/sbin/mount.nfs"
+  - "/usr/sbin/netreport"
+  - "/usr/sbin/pam_timestamp_check"
+  - "/usr/sbin/postdrop"
+  - "/usr/sbin/postqueue"
+  - "/usr/sbin/restorecon"
+  - "/usr/sbin/semanage"
+  - "/usr/sbin/setfiles"
+  - "/usr/sbin/setsebool"
+  - "/usr/sbin/seunshare"
+  - "/usr/sbin/unix_chkpwd"
+  - "/usr/sbin/userhelper"
+  - "/usr/sbin/usernetctl"
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-auditd",
-  "version": "8.10.0",
+  "version": "8.10.1",
   "author": "SIMP Team",
   "summary": "A SIMP puppet module for managing auditd and audispd",
   "license": "Apache-2.0",