Bug | Resolution: Unresolved | Normal | None | rhel-8.3.0 | Minor | sst_security_special_projects | ssg_security | None | False | None | Unspecified | None
This bug was initially created as a copy of Bug #1812604
I am copying this bug because:
It represents two entirely different requests. This one will focus on the JSON output.
1. Proposed title of this feature request
Machine process-able output from auditctl
3. What is the nature and description of the request?
I would like to be able to run something like 'auditctl --check <filename>' and have it return some sort of structured output that is easy to process via a script. The customer has provided a suggestion using JSON.
4. Why does the customer need this? (List the business requirements here)
Customer reports they need to fully load a ruleset into a running state to get the check done which is not ideal if we need to test changes on a live system.
They would also like a programmatic way of parsing the output with scripting.
5. How would the customer like to achieve this? (List the functional requirements here)
Customer provided examples:
$ cat test.rules
-c
-D
-f 1
-r 200
-b 30000
-w /var/log
-w /tmp/*
-w /etc/foo/bar
-a never,exit -F arch=b64 -F uid=bob
-s
$ cat test.json
{
  "metadata": { "rules_loaded": "<value missing in the original report>", "enabled": 1, "failure": 1, "rate_limit": 200, "backlog_limit": 30000, "backlog_wait_time": 60000, "loginuid_immutable": 0 },
  "warnings": [
    { "message": [ "Warning - wildcard notation is not supported" ], "line": "<Would love to know>", "content": "<Cannot figure out without the line>" }
  ],
  "errors": [
    { "message": [ "Error sending add rule data request (No such file or directory)" ], "line": 8, "content": "-w /etc/foo/bar" },
    { "message": [ "-F unknown field: uid", "Unknown user: bob" ], "line": 9, "content": "-a never,exit -F arch=b64 -F uid=bob" }
  ]
}
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Based on the formatting of the output, the customer can develop scripts to parse it and test rule sets.
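As an added example of the kind of script item 6 has in mind (not part of this bug report and not code from audit-userspace), the following consumes a report in the JSON layout the customer sketched above and turns it into a pass/fail gate. Everything about the format is an assumption taken from the customer's sketch: a "metadata" object plus "warnings" and "errors" arrays whose entries carry "message", a 1-based "line" and the offending "content". The sample rules file and sample report embedded below are constructed for the example; in particular the warning's line number 7 is filled in where the customer's sketch left a placeholder. The script cross-checks each finding's "content" against the rules file, so a stale or mismatched report fails closed instead of being trusted.

```python
"""Gate on a hypothetical auditctl --check JSON report.

Added example; assumes the JSON layout proposed in this bug report
(metadata / warnings / errors, each finding with "message", "line",
"content"). Nothing here is the real auditctl output format.
"""
import json
import sys

# Constructed sample: the customer's test.rules, one rule per line.
SAMPLE_RULES = """\
-c
-D
-f 1
-r 200
-b 30000
-w /var/log
-w /tmp/*
-w /etc/foo/bar
-a never,exit -F arch=b64 -F uid=bob
-s
"""

# Constructed sample report in the assumed schema. The warning's line
# number (7) is filled in here; the customer's sketch left it open.
SAMPLE_REPORT = json.dumps({
    "metadata": {"enabled": 1, "failure": 1, "rate_limit": 200,
                 "backlog_limit": 30000, "backlog_wait_time": 60000,
                 "loginuid_immutable": 0},
    "warnings": [
        {"message": ["Warning - wildcard notation is not supported"],
         "line": 7, "content": "-w /tmp/*"},
    ],
    "errors": [
        {"message": ["Error sending add rule data request (No such file or directory)"],
         "line": 8, "content": "-w /etc/foo/bar"},
        {"message": ["-F unknown field: uid", "Unknown user: bob"],
         "line": 9, "content": "-a never,exit -F arch=b64 -F uid=bob"},
    ],
})


def summarize(rules_text, report_text):
    """Parse a report against its rules file.

    Returns a dict with the findings grouped by severity, the findings
    whose quoted content does not match the rules file at the given line
    ("mismatched"), the findings without a usable line number
    ("unlocated"), and an overall "ok" flag that is False when there is
    any error or any mismatch.
    """
    rules = rules_text.splitlines()
    report = json.loads(report_text)
    out = {"ok": True, "errors": [], "warnings": [],
           "mismatched": [], "unlocated": []}
    for severity in ("warnings", "errors"):
        for item in report.get(severity, []):
            entry = {"line": item.get("line"),
                     "content": item.get("content", ""),
                     "message": list(item.get("message", []))}
            out[severity].append(entry)
            line = entry["line"]
            if not isinstance(line, int):
                # No line number: cannot be tied back to the rules file.
                out["unlocated"].append(entry)
            elif not (1 <= line <= len(rules)) or rules[line - 1] != entry["content"]:
                # Report and rules file disagree: treat as a failure.
                out["mismatched"].append(entry)
    out["ok"] = not out["errors"] and not out["mismatched"]
    return out


def format_findings(summary, filename="test.rules"):
    """Render findings compiler-style: file:line: severity: rule: messages."""
    lines = []
    for severity, items in (("error", summary["errors"]),
                            ("warning", summary["warnings"])):
        for item in items:
            loc = item["line"] if isinstance(item["line"], int) else "?"
            lines.append(f"{filename}:{loc}: {severity}: {item['content']}: "
                         f"{'; '.join(item['message'])}")
    return lines


def main(argv):
    """Usage: check_rules.py RULES_FILE REPORT_JSON (no args: built-in sample)."""
    if len(argv) == 3:
        with open(argv[1]) as f:
            rules = f.read()
        with open(argv[2]) as f:
            report = f.read()
        name = argv[1]
    else:
        rules, report, name = SAMPLE_RULES, SAMPLE_REPORT, "test.rules"
    summary = summarize(rules, report)
    for line in format_findings(summary, name):
        print(line)
    return 0 if summary["ok"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments it processes the embedded sample and exits 1 because two rules fail; with a rules file and report file as arguments it does the same for real input, which is the shape a CI job or config-management test would want.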
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
RHEL 8
11. Would the customer be able to assist in testing this functionality if implemented?
Yes.