author | Jose Castillo <jcastillo@redhat.com> | 2022-07-29 15:32:42 +0200 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2022-08-02 09:51:51 -0400 |
commit | a714cfbd0367ddc24ebc59e7ebfdea9bac5665c6 (patch) | |
tree | eee7a84bb2af2b3e0155a52c6bc44d5abc406ed7 | |
parent | ebee62fcddc89e19233797fc0c3619611d350b17 (diff) | |
[auditd] Capture log files when configured to a non default location
The location of the audit.log files can be changed
in the configuration file /etc/audit/auditd.conf.
This change ensures that we capture the log files
when the user specifies a different location via
log_file.
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
-rw-r--r-- | sos/report/plugins/auditd.py | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/sos/report/plugins/auditd.py b/sos/report/plugins/auditd.py
index d29fd42d..6860edc6 100644
--- a/sos/report/plugins/auditd.py
+++ b/sos/report/plugins/auditd.py
@@ -33,9 +33,23 @@ class Auditd(Plugin, IndependentPlugin):
 "auditctl -l" ])
+ config_file = "/etc/audit/auditd.conf"
+ log_file = "/var/log/audit/audit.log"
+ try:
+ with open(config_file, 'r') as cf:
+ for line in cf.read().splitlines():
+ if not line:
+ continue
+ words = line.split('=')
+ if words[0].strip() == 'log_file':
+ log_file = words[1].strip()
+ except IOError as error:
+ self._log_error('Could not open conf file %s: %s' %
+ (config_file, error))
+
 if not self.get_option("all_logs"):
- self.add_copy_spec("/var/log/audit/audit.log")
+ self.add_copy_spec(log_file)
 else:
- self.add_copy_spec("/var/log/audit")
+ self.add_copy_spec(log_file+'*')
 # vim: set et ts=4 sw=4 : |
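Review bot: In the added config loop, `log_file = words[1].strip()` raises IndexError when a line is just `log_file` with no `=`, and only IOError is caught, so a malformed auditd.conf would propagate an exception out of this method instead of falling back to the default path. An empty value (`log_file =`) is also accepted, which turns the all_logs spec `log_file+'*'` into a bare `'*'`. Since sos usually runs as root, the value read from the config should be checked as non-empty and absolute before it reaches `add_copy_spec`. Something like `key, sep, value = line.partition('=')` followed by `if sep and key.strip() == 'log_file' and value.strip().startswith('/'): log_file = value.strip()` covers both cases. The enclosing method starts above the hunk.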