Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ACCT-9634: Check for auditd log file at default location if not defined #1594

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ACCT-9634: Check for auditd log file at default location if not defined #1594

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 14 additions & 12 deletions include/tests_accounting
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,23 +232,25 @@
Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd log file"
DEFAULT_LOCATION="/var/log/audit/audit.log"
FIND=$(${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }')
if [ -n "${FIND}" ]; then
LogText "Result: log file is defined"
LogText "Defined value: ${FIND}"
if [ -f ${FIND} ]; then
LogText "Result: log file ${FIND} exists on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
Report "logfile[]=${FIND}"
else
LogText "Result: can't find log file ${FIND} on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Check auditd log file location"
fi
else
LogText "Result: no log file found"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Auditd log file is defined but can not be found on disk"
LogText "Result: log file is not defined"
LogText "Assumed default location: ${DEFAULT_LOCATION}"
FIND="${DEFAULT_LOCATION}"
fi

if [ -f ${FIND} ]; then
LogText "Result: log file ${FIND} exists on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
Report "logfile[]=${FIND}"
else
LogText "Result: can't find log file ${FIND} on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color RED
ReportWarning "${TEST_NO}" "Check auditd log file location"
fi
fi
#
Expand Down