A salt module for modifying the audit policies on the machine
Though this module does not set group policy for auditing, it displays how all auditing configuration is applied on the machine, either set directly or via local or domain group policy.
New in version 2018.3.4.
New in version 2019.2.1.
This module allows you to view and modify the audit settings as they are applied on the machine. The audit settings are broken down into nine categories:
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System
The get_settings function will return the subcategories for all nine of
the above categories in one dictionary along with their auditing status.
To modify a setting you only need to specify the subcategory name and the value you wish to set. Valid settings are:
No Auditing
Success
Failure
Success and Failure
CLI Example:
# Get current state of all audit settings
salt * auditpol.get_settings
# Get the current state of all audit settings in the "Account Logon"
# category
salt * auditpol.get_settings category="Account Logon"
# Get current state of the "Credential Validation" setting
salt * auditpol.get_setting name="Credential Validation"
# Set the state of the "Credential Validation" setting to Success and
# Failure
salt * auditpol.set_setting name="Credential Validation" value="Success and Failure"
# Set the state of the "Credential Validation" setting to No Auditing
salt * auditpol.set_setting name="Credential Validation" value="No Auditing"
Get the current configuration for the named audit setting
name (str) -- The name of the setting to retrieve
The current configuration for the named setting
KeyError -- On invalid setting name
CommandExecutionError -- If an error is encountered retrieving the settings
CLI Example:
# Get current state of the "Credential Validation" setting
salt * auditpol.get_setting "Credential Validation"
Get the current configuration for all audit settings specified in the category
category (str) --
One of the nine categories to return. Can also be All to return
the settings for all categories. Valid options are:
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System
All
Default value is All
category along with their current configuration
KeyError -- On invalid category
CommandExecutionError -- If an error is encountered retrieving the settings
CLI Example:
# Get current state of all audit settings
salt * auditipol.get_settings
# Get the current state of all audit settings in the "Account Logon"
# category
salt * auditpol.get_settings "Account Logon"
Set the configuration for the named audit setting
True if successful
KeyError -- On invalid name or value
CommandExecutionError -- If an error is encountered modifying the setting
CLI Example:
# Set the state of the "Credential Validation" setting to Success and
# Failure
salt * auditpol.set_setting "Credential Validation" "Success and Failure"
# Set the state of the "Credential Validation" setting to No Auditing
salt * auditpol.set_setting "Credential Validation" "No Auditing"