including audit in Fedora CoreOS

[dustymabe]

We have been discussing whether or not to include the audit rpm (includes the audit daemon) in Fedora CoreOS. The discussion started over in #220 and we also discussed it in the the community meeting today.

There are some changes upstream that we'd like to track/discuss that include:

• removing the dependency on initscripts; some context in
  • https://src.fedoraproject.org/rpms/audit/pull-request/5
  • https://bugzilla.redhat.com/show_bug.cgi?id=1768815
• complex configuration (overriding/overlaying/merging)
  • linux-audit/audit-userspace#111

What others exist?

Also if you are a user and need the audit tools, please speak up so we can get a feeling for how much need there is.

[egeturgay]

+1 for auditctl and augenrules (not full blown auditd) , we currently use (on CoreOS) for enabling auditd's file integrity management feature by adding rules where it's a requirement from a PCI compliance perspective.

additional rules land into /etc/audit/rules.d on CoreOS with configs such as
-w /etc -p wa -k file_integrity
and a systemd unit is provided for restarting auditd upon config change named audit-rules