Merge pull request #1594 from pSub/fix/auditd-default-log-location

ACCT-9634: Check for auditd log file at default location if not defined
Michael Boelen 2025-07-30 15:18:33 +00:00 committed by GitHub
commit 8949f543e3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -231,23 +231,25 @@
Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd log file"
DEFAULT_LOCATION="/var/log/audit/audit.log"
FIND=$(${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }')
if [ -n "${FIND}" ]; then
LogText "Result: log file is defined"
LogText "Defined value: ${FIND}"
else
LogText "Result: log file is not defined"
LogText "Assumed default location: ${DEFAULT_LOCATION}"
FIND="${DEFAULT_LOCATION}"
fi
if [ -f ${FIND} ]; then
LogText "Result: log file ${FIND} exists on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
Report "logfile[]=${FIND}"
else
LogText "Result: can't find log file ${FIND} on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Check auditd log file location"
fi
else
LogText "Result: no log file found"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Auditd log file is defined but can not be found on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color RED
ReportWarning "${TEST_NO}" "Check auditd log file location"
fi
fi
#
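Review bot: The missing-file branch near the end of this hunk appears to pair `Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color RED` with `ReportWarning`, so the screen shows a suggestion label while the report records a warning. The page has lost its +/- markers, so which of the two variants is the new side is inferred; if a warning is intended, `--result "${STATUS_WARNING}" --color RED` would keep the two consistent. Separately, `if [ -f ${FIND} ]` expands a value read from the auditd configuration unquoted, so a path containing whitespace or a config with more than one `log_file` line makes the test itself error out. `if [ -f "${FIND}" ]` avoids that, and matters more now that this check runs on every path through the test.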