The changelog entry needs a file like
Done. Thanks @pothos for all your help and patience!
It's a bit rough because of the downstream changes… I hope we can create an automatism soon that allows us to use unmodified Gentoo ebuild files.
Maybe the
Done
Thanks a lot, can you squash the commits?
Oh no… Now that I tried it again I get
This includes the `auditd` binary and systemd unit as part of the distro. While journald is also able to handle logs from the Linux audit subsystem, auditd provides audit-specific capabilities that are necessary in deployments subject to regulatory compliance.

For one, an administrator is able to configure audit log writing policy to ensure that logs land on disk and nothing is missed (`flush`). We wouldn't want such policy through journald as it would sync and ensure all logs which might be undesirable and too resource intensive. In short, this allows us to configure different management policies for audit logs compared to general logs.

It allows us to explicitly configure the node's reaction to errors such as the disk being full, the disk having other issues or space constraints. While Flatcar is not Common Criteria certified which would require the system to shut down if audit logs present issues (not written or collected), some FedRAMP environments do require actions such as notifications (which could be achieved via syslog). This can be explicitly done with auditd as well.

Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
Waiting to start it once on the built image, then we are ready to merge
Add auditd package and systemd unit
This includes the `auditd` binary and systemd unit as part of the distro. While journald is also able to handle logs from the Linux audit subsystem, auditd provides audit-specific capabilities that are necessary in deployments subject to regulatory compliance.

For one, an administrator is able to configure audit log writing policy to ensure that logs land on disk and nothing is missed (`flush`). We wouldn't want such policy through journald as it would sync and ensure all logs which might be undesirable and too resource intensive. In short, this allows us to configure different management policies for audit logs compared to general logs.

It allows us to explicitly configure the node's reaction to errors such as the disk being full, the disk having other issues or space constraints. While Flatcar is not Common Criteria certified which would require the system to shut down if audit logs present issues (not written or collected), some FedRAMP environments do require actions such as notifications (which could be achieved via syslog). This can be explicitly done with auditd as well.
How to use
[ describe what reviewers need to do in order to validate this PR ]
Testing done
[Describe the testing you have done before submitting this PR. Please include both the commands you issued as well as the output you got.]
changelog/ directory (user-facing change, bug fix, security fix, update)
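As an added example (not part of this PR or of Flatcar's code), a small check over an `auditd.conf` for the settings the description refers to: `flush` and the disk-space and disk-error actions. The pass/fail policy, the function names and both sample configs are assumptions constructed for illustration.

```python
# Assumed policy for this example: a setting fails when it is absent or when
# its value leaves audit records unsynced or a disk problem unreported.
WEAK = {
    "flush": {"none"},
    "space_left_action": {"ignore"},
    "admin_space_left_action": {"ignore"},
    "disk_full_action": {"ignore"},
    "disk_error_action": {"ignore"},
}

def parse_auditd_conf(text):
    """Parse 'key = value' lines; this checker lowercases keys and values."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().lower()
    return settings

def findings(text):
    """Return sorted (key, problem) pairs for missing or weak settings."""
    settings = parse_auditd_conf(text)
    out = []
    for key, weak_values in WEAK.items():
        value = settings.get(key)
        if value is None:
            out.append((key, "not set, daemon default applies"))
        elif value in weak_values:
            out.append((key, f"'{value}' fails the assumed policy"))
    return sorted(out)

# Constructed sample: no flushing, full disk ignored, other actions unset.
WEAK_CONF = """# constructed sample
flush = NONE
disk_full_action = IGNORE
"""

# Constructed sample: synchronous writes, syslog notification, suspend on full.
HARDENED_CONF = """# constructed sample
flush = SYNC
space_left_action = SYSLOG
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SYSLOG
"""
```
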