auditd rsyslog changed to tls

2025-10-03 16:36:12 +02:00
parent 0f7f9a3d34
commit a5b5e33d52
2 changed files with 44 additions and 23 deletions
--- a/roles/bastionhost/tasks/system_setup/auditd_logging.yml
+++ b/roles/bastionhost/tasks/system_setup/auditd_logging.yml
@@ -2,7 +2,9 @@
 - name: system setup | auditd | ensure rsyslog is installed
  tags: auditd,hardening,system
  package:
-    name: rsyslog
+    name:
+      - rsyslog
+      - rsyslog-gnutls # Required for TLS forwarding
    state: present

 - name: system setup | auditd | install auditd and audispd-plugins
@@ -30,7 +32,7 @@
 - name: system setup | auditd | configure remote logging plugin
  tags: auditd,hardening,system
  lineinfile:
-    path: /etc/audisp/plugins.d/syslog.conf
+    path: /etc/audit/plugins.d/syslog.conf
    regexp: '^active ='
    line: 'active = yes'
    create: true
@@ -44,9 +46,22 @@
    group: root
    mode: '0644'
    content: |
-      # Forward all audit logs to a remote server
+      # Forward all audit logs to a remote server via TLS
      # This file is managed by Ansible.
-      if $programname == 'audit' then @{{ auditd_remote_log_server }}:514
+
+      # Define the CA certificate rsyslog should trust
+      global(DefaultNetstreamDriverCAFile="{{ rsyslog_tls_ca_cert }}")
+
+      # Define the forwarding rule
+      if $programname == 'audisp-syslog' then {
+        action(type="omfwd"
+              target="{{ auditd_remote_log_server }}"
+              port="6514"
+              protocol="tcp"
+              StreamDriver="gtls"
+              StreamDriverMode="1"
+              StreamDriverAuthMode="x509/name")
+      }
  notify: restart rsyslog

 - name: system setup | auditd | ensure auditd service is running and enabled
--- a/roles/bastionhost/vars/main.yml
+++ b/roles/bastionhost/vars/main.yml
@@ -1,20 +1,26 @@
 $ANSIBLE_VAULT;1.1;AES256
-31313039373833623432626231383632333461613434343933343464643531323562333566326365
-3839383834656232303832623865376666363862643435350a363337383136623161663964313663
-62666438306535386462376538653263323936306332346237663263666431656635333137323639
-6432633231623432620a646163353233626132643531636165383663363034316437383134663538
-62373835653131646530636432623963393566643263646532666433363963306665363862343534
-31343431373764666162373162306362616233663066633831376465353731653132633462376138
-65396232633365353032303362356565643935363539396461656537613766653434313735373438
-37363764316438326535393631343330306431326565653462666135363635633764386630623765
-65383036663732623432613461363737353839393962313361373566373230623232313133393038
-33616364363461623564313437646130353030353161383864326338666137373865316637396431
-65393236393363633537396633353536323930316234303466356364666231303733646465343464
-35353035353334313237333932336436363634333466633634373636363864653432373935383331
-37653431653036616337393234376237316261326531613831336334323561356132326437666333
-34393430636230656137323238396234386636363134616639353237383934623265626337643332
-33376665353737633933336164663138313330643266326366616530663865353037323238666563
-64343133393263633539326561396533393136626430396438356239386364393532366161663566
-63616365356435333932393363666637363565613737363130376535656630363330326466393531
-37646433346465356536623561376264643131383335336638323730653932363362333131303262
-663334323834343732623635396561383236
+65396466653564326330323561623932366130366565303161646335393738646666313165636332
+3962366134303535383238653937353530353534666265380a313734643339343331326630636232
+62633264346465663637303934383763316436323233346337373961363961366364646430646133
+6532653866366330610a313833333961313164376537373561393766313533666534386230643337
+64356337663864313039306138316263333838346235623136643934313063646462313361366162
+34656537643361336631333366613835336138303830643930663333363034396438373631373139
+64666139396365386532333764646366313830333363366233333631616266636333343231343734
+65643134616639333239303136343835363430353436306439336533663632636535366266656162
+30643434376664313632343763386262663866353436356530343761653065613962336366396263
+66343163643061363165653737333464333739366365383833313737623764356337393232313437
+35343031653434346136306434333864626537623530333638633830326633663062356634303566
+36343961623364643333326332646564363838636531396462356239363337623436373964303730
+65313332363563386533363933326566356438616231373438376331656337636437376464653531
+66376635663435623038343237356262333831363665656437643035363933613738613731643631
+34646633363965636439383037353437373863393039613836633833393063633630653461336639
+65353430366435383763623434386135393532656135376437373932653833363165393965316462
+63653766343363646238313962303963653965343432373365656230396464643263666465333532
+33373661656661616666356666353166623462663033653563656232653466343139626136376335
+30373863626135303236643931353033353330656331613962326662363930303462623432396566
+37623134303737366164663435656532613462326136313135633932383130363364643333663338
+38333739643537323865333639353062646337666431303931316166303262343732303063656639
+64313963643861326632343538313561363831653133353862666563316237613737626461303733
+65663730373561323533356135306263623563396462666164346430663937663736613062313963
+65306135323665303665383135313938623338303934633065333739663565636234633238363632
+3936