| Server IP : 192.64.112.168 / Your IP : 3.135.199.179 Web Server : Apache System : Linux nc-ph-2300-85.bluforrest.com 4.18.0-513.9.1.el8_9.x86_64 #1 SMP Sat Dec 2 05:23:44 EST 2023 x86_64 User : expressoneac ( 1128) PHP Version : 8.0.30 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /lib/python3.6/site-packages/sos/report/plugins/ |
Upload File : |
# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.
from sos.report.plugins import Plugin, IndependentPlugin
class Auditd(Plugin, IndependentPlugin):
short_desc = 'Audit daemon information'
plugin_name = 'auditd'
profiles = ('system', 'security')
packages = ('audit',)
def setup(self):
self.add_copy_spec([
"/etc/audit/auditd.conf",
"/etc/audit/audit.rules",
"/etc/audit/audit-stop.rules",
"/etc/audit/rules.d/",
"/etc/audit/plugins.d/",
"/etc/audisp/",
])
self.add_cmd_output(
"ausearch -i --input-logs -m avc,user_avc,fanotify -ts today"
)
self.add_cmd_output("auditctl -l", tags="auditctl_rules")
self.add_cmd_output("auditctl -s", tags="auditctl_status")
config_file = "/etc/audit/auditd.conf"
log_file = "/var/log/audit/audit.log"
try:
with open(config_file, 'r', encoding='UTF-8') as cfile:
for line in cfile.read().splitlines():
if not line:
continue
words = line.split('=')
if words[0].strip() == 'log_file':
log_file = words[1].strip()
except IOError as error:
self._log_error(f'Could not open conf file {config_file}: '
f'{error}')
if not self.get_option("all_logs"):
self.add_copy_spec(log_file)
else:
self.add_copy_spec(log_file+'*')
# vim: set et ts=4 sw=4 :