feat(audit): add AWS encryption provider audit rules and update encryption provider script

This commit is contained in:
2025-05-12 17:24:58 +02:00
parent 05d1624bdd
commit 4cd933f9f8
4 changed files with 12 additions and 1 deletions
@@ -143,6 +143,10 @@ encryption_aws_secret_access_key: "{{ lookup('env', 'KMS_SECRET_KEY') }}"
encryption_kms_arn: "arn:aws:kms:eu-west-1:001604727293:key/977d08fd-8230-40bf-8a4f-d8a3264c5990"
encryption_kms_socket: /var/run/kmsplugin/socket.sock
#audit encryption socker
auditd_encryption_kms_socket: /var/run/kmsplugin/socket.sock
auditd_max_log_file_action: rotate
# Kubernetes specific settings
microk8s_version: 1.29
microk8s_allowed_hosts:
+1 -1
View File
@@ -10,6 +10,6 @@ auditd_mode: 1
auditd_num_logs: 5
auditd_space_left: 75
auditd_space_left_action: email
auditd_encryption_kms_socket:
grub_audit_backlog_cmdline: audit_backlog_limit=8192
grub_audit_cmdline: audit=1
...
@@ -150,6 +150,11 @@
-w /usr/sbin/runc -p rwxa -k docker
-w /var/run/docker.sock -p rwxa -k docker
{% if auditd_encryption_kms_socket is defined %}
# AWS encryption provider
-w {{ auditd_encryption_kms_socket | dirname }} -p rwxa -k aws-encryption-provider
{% endif %}
# Group modifications
-w /etc/group -p wa -k group-modification
-w /etc/gshadow -p wa -k group-modification
@@ -3,4 +3,6 @@
# Managed by Ansible.
export AWS_ACCESS_KEY_ID={{ encryption_aws_access_key_id }}
export AWS_SECRET_ACCESS_KEY={{ encryption_aws_secret_access_key }}
mkdir {{ encryption_kms_socket_dir | dirname }} }} 2>/dev/null || true
chmod 700 {{ encryption_kms_socket_dir | dirname }} 2>/dev/null
/usr/local/bin/aws-encryption-provider --key={{ encryption_kms_arn }} --region={{ encryption_kms_region }} --listen={{ encryption_kms_socket }}