Releases: simp/pupmod-simp-auditd
Release of 8.6.2
* Mon Nov 23 2020 Liz Nemsick <[email protected]> - 8.6.2-0
- Fixed a bug in which the module could not enable auditing in a system with auditing already disabled in the kernel, when replication of the audit logs to syslog was required.
- Manifest would fail to compile because of a nil `auditd_version` fact.
Release of 8.6.1
* Wed Sep 23 2020 Trevor Vaughan <[email protected]> - 8.6.1-0
- Allow auditd space_left and admin_space_left to accept percentages on supported versions
Release of 8.6.0
* Wed Aug 12 2020 Trevor Vaughan <[email protected]> - 8.6.0-0
- Ensure that the auditd service is not managed if the kernel is not enforcing auditing
- Add an acceptance test for toggling disabling auditing without modifying the kernel parameter
Release of 8.5.3
* Fri Aug 07 2020 Marcel Fischer <[email protected]> - 8.5.3-0
- Add `INCREMENTAL_ASYNC` to possible values for `$::auditd::flush`
Release of 8.5.2
* Tue Aug 04 2020 Trevor Vaughan <[email protected]> - 8.5.2-0
- Ensure that facts are properly confined
- Utilize the new simplib__auditd fact
Release of 8.5.1
* Mon Jul 13 2020 Adam Yohrling <[email protected]> - 8.5.1-0
- Add `built_in` audit profile to the subsystem that provides ability to include and manage sample rulesets to be compiled into active rules

* Wed Jun 24 2020 Trevor Vaughan <[email protected]> - 8.5.1-0
- Added a File statement for /etc/audit/audit.rules.prev to prevent unnecessary flapping
- Ensure that the inspec tests don't run if there isn't a profile available
- Ensure that kmod is audited in all STIG modes on EL7+

* Mon Jun 15 2020 Jan Fickler <[email protected]> - 8.5.1-0
- Fix regex substitution for bad path characters
Release of 8.5.0
* Thu Oct 31 2019 Trevor Vaughan <[email protected]> - 8.5.0-0
- Allow users to knockout entries from arrays specified in Hiera
- Multiple rules added based on best practices mostly pulled from /usr/share/doc/auditd:
  - Audit 32 bit operations on 64 bit systems
  - Audit calls to the auditd CLI commands
  - Audit IPv4 and IPv6 inbound connections
  - Optionally audit IPv4 and IPv6 outbound connections
  - Audit suspicious applications
  - Audit systemd
  - Audit the auditd configuration space
  - Ignore time daemon logs (clutter)
  - Ignore CRYPTO_KEY_USER logs (clutter)
- Add ability to set the backlog_wait_time
- Set loginuid_immutable

* Thu Oct 24 2019 Jeanne Greulich <[email protected]> - 8.5.0-0
- Set defaults for syslog parameters if auditd version is unknown.
- Added support for auditd v3.0 which is used by RedHat 8.
- A fact that determines the major version of auditd that is running on the system was added, auditd_major_version. This is used in hiera.yaml hierarchy to add module data specific to the versions.
- Most of the changes in auditd v3.0 were related to how the plugins are handled but there are a few new parameters added to auditd.conf. They were set to their defaults according to man of auditd.conf.
- Auditd V3.0 moved the handling of plugins into auditd from audispd. The following changes were made to accommodate that:
  - To make sure the parameters used to handle plugins were defined in one place no matter what version of auditd was used, they were moved to init.pp and referenced from there by the audisp manifest. For backwards compatibility, they remain in audisp.conf and are aliased in the hiera module data.
  - For backwards compatibility auditd::syslog remains defaulting to the value of simp_options::syslog although the two are not really the same thing. You might want to review this setting and set auditd::syslog to a setting that is appropriate for your system.
  - To enable auditd logging to syslog set the following in hiera:
      auditd::syslog: true
      auditd::config::audisp::syslog::enable: true
      # The drop_audit_logs is still there for backwards
      # compatibility and needs to be disabled.
      auditd::config::audisp::syslog::drop_audit_logs: false
  - To stop auditd logging to syslog set the following in hiera:
      auditd::syslog: true
      auditd::config::plugins::syslog::enable: false
    Setting auditd::syslog to false will stop Puppet from managing the syslog.conf; it will not disable auditd logging to syslog. Disable the syslog plugin as described above.
  - The settings for syslog.conf were updated to work for new and old versions of auditd.
  - Added installation of audisp-syslog package when using auditd v3.

* Mon Aug 19 2019 Robert Vincent <[email protected]> - 8.5.0-0
- Add rules to monitor /usr/share/selinux
Release of 8.4.0
* Fri Jul 05 2019 Steven Pritchard <[email protected]> - 8.4.0-0
- Add v2 compliance_markup data
Release of 8.3.2
* Tue Jun 25 2019 Trevor Vaughan <[email protected]> - 8.3.2-0
- Fix an issue where trailing newlines may not be present on custom rule profiles, particularly with rules defined in an Array.
Release of 8.3.1
* Thu May 02 2019 Liz Nemsick <[email protected]> - 8.3.1-0
- Fix a breaking change inadvertently introduced into auditd::rule in which the auditd class was no longer included when an auditd::rule was defined in a manifest.