feat(audit): add AWS encryption provider audit rules and update encryption provider script
This commit is contained in:
@@ -143,6 +143,10 @@ encryption_aws_secret_access_key: "{{ lookup('env', 'KMS_SECRET_KEY') }}"
|
||||
encryption_kms_arn: "arn:aws:kms:eu-west-1:001604727293:key/977d08fd-8230-40bf-8a4f-d8a3264c5990"
|
||||
encryption_kms_socket: /var/run/kmsplugin/socket.sock
|
||||
|
||||
#audit encryption socker
|
||||
auditd_encryption_kms_socket: /var/run/kmsplugin/socket.sock
|
||||
auditd_max_log_file_action: rotate
|
||||
|
||||
# Kubernetes specific settings
|
||||
microk8s_version: 1.29
|
||||
microk8s_allowed_hosts:
|
||||
|
||||
@@ -10,6 +10,6 @@ auditd_mode: 1
|
||||
auditd_num_logs: 5
|
||||
auditd_space_left: 75
|
||||
auditd_space_left_action: email
|
||||
auditd_encryption_kms_socket:
|
||||
grub_audit_backlog_cmdline: audit_backlog_limit=8192
|
||||
grub_audit_cmdline: audit=1
|
||||
...
|
||||
|
||||
@@ -150,6 +150,11 @@
|
||||
-w /usr/sbin/runc -p rwxa -k docker
|
||||
-w /var/run/docker.sock -p rwxa -k docker
|
||||
|
||||
{% if auditd_encryption_kms_socket is defined %}
|
||||
# AWS encryption provider
|
||||
-w {{ auditd_encryption_kms_socket | dirname }} -p rwxa -k aws-encryption-provider
|
||||
{% endif %}
|
||||
|
||||
# Group modifications
|
||||
-w /etc/group -p wa -k group-modification
|
||||
-w /etc/gshadow -p wa -k group-modification
|
||||
|
||||
@@ -3,4 +3,6 @@
|
||||
# Managed by Ansible.
|
||||
export AWS_ACCESS_KEY_ID={{ encryption_aws_access_key_id }}
|
||||
export AWS_SECRET_ACCESS_KEY={{ encryption_aws_secret_access_key }}
|
||||
mkdir {{ encryption_kms_socket_dir | dirname }} }} 2>/dev/null || true
|
||||
chmod 700 {{ encryption_kms_socket_dir | dirname }} 2>/dev/null
|
||||
/usr/local/bin/aws-encryption-provider --key={{ encryption_kms_arn }} --region={{ encryption_kms_region }} --listen={{ encryption_kms_socket }}
|
||||
|
||||
Reference in New Issue
Block a user