Blame SOURCES/sos-bz1871207-audit_collect_etc_audisp.patch
|
 |
c3caec |
From d5ea9277698836ae34547cb995a0683a1f9f505e Mon Sep 17 00:00:00 2001
|
|
|
c3caec |
From: Jan Jansky <jjansky@redhat.com>
|
|
|
c3caec |
Date: Mon, 7 Sep 2020 09:21:55 +0200
|
|
|
c3caec |
Subject: [PATCH] [audit] collect /etc/audisp
|
|
|
c3caec |
|
|
|
c3caec |
Collect audit event multiplexor config dir.
|
|
|
c3caec |
|
|
|
c3caec |
Related: #2187
|
|
|
c3caec |
Resolves: #2227
|
|
|
c3caec |
|
|
|
c3caec |
Signed-off-by: Jan Jansky <jjansky@redhat.com>
|
|
|
c3caec |
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
c3caec |
---
|
|
|
c3caec |
sos/plugins/auditd.py | 4 +++-
|
|
|
c3caec |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
c3caec |
|
|
|
c3caec |
diff --git a/sos/plugins/auditd.py b/sos/plugins/auditd.py
|
|
|
c3caec |
index 8380a6d..bbcd28c 100644
|
|
|
c3caec |
--- a/sos/plugins/auditd.py
|
|
|
c3caec |
+++ b/sos/plugins/auditd.py
|
|
|
c3caec |
@@ -21,7 +21,9 @@ class Auditd(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
|
|
|
c3caec |
def setup(self):
|
|
|
c3caec |
self.add_copy_spec([
|
|
|
c3caec |
"/etc/audit/auditd.conf",
|
|
|
c3caec |
- "/etc/audit/audit.rules"
|
|
|
c3caec |
+ "/etc/audit/audit.rules",
|
|
|
c3caec |
+ "/etc/audit/plugins.d/",
|
|
|
c3caec |
+ "/etc/audisp/",
|
|
|
c3caec |
])
|
|
|
c3caec |
self.add_cmd_output([
|
|
|
c3caec |
"ausearch --input-logs -m avc,user_avc -ts today",
|
|
|
c3caec |
--
|
|
|
c3caec |
1.8.3.1
|
|
|
c3caec |
|