AuditctlStatus - Report auditd status
class insights.parsers.auditctl_status.AuditctlStatus(context, extra_bad_lines=[])
Bases: insights.core.LegacyItemAccess, insights.core.CommandParser
Module for parsing the output of the auditctl -s command.

Typical output on RHEL6 looks like:

    AUDIT_STATUS: enabled=1 flag=1 pid=1483 rate_limit=0 backlog_limit=8192 lost=3 backlog=0

while on RHEL7 the output changes to:

    enabled 1
    failure 1
    pid 947
    rate_limit 0
    backlog_limit 320
    lost 0
    backlog 0
    loginuid_immutable 0 unlocked
Example

    >>> type(auds)
    <class 'insights.parsers.auditctl_status.AuditctlStatus'>
    >>> "enabled" in auds
    True
    >>> auds['enabled']
    1
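An added example, not the insights-core implementation: a standalone parser that accepts both output formats shown above and reports audit states a defender would want to review. The function names and the conditions checked in `audit_findings` are assumptions for illustration; the sample inputs are the two outputs quoted on this page.

```python
import re

# Sample inputs: the RHEL6 and RHEL7 outputs quoted on this page.
RHEL6_SAMPLE = ("AUDIT_STATUS: enabled=1 flag=1 pid=1483 rate_limit=0 "
                "backlog_limit=8192 lost=3 backlog=0")
RHEL7_SAMPLE = """\
enabled 1
failure 1
pid 947
rate_limit 0
backlog_limit 320
lost 0
backlog 0
loginuid_immutable 0 unlocked
"""

def parse_auditctl_status(text):
    """Return {key: int} for either output format of `auditctl -s`."""
    status = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("AUDIT_STATUS:"):
            # RHEL6 style: a single line of key=value pairs.
            for key, val in re.findall(r"(\w+)=(-?\d+)", line):
                status[key] = int(val)
        else:
            # RHEL7 style: "key value [annotation]", one pair per line.
            m = re.match(r"(\w+)\s+(-?\d+)\b", line)
            if m:
                status[m.group(1)] = int(m.group(2))
    if "enabled" not in status:
        raise ValueError("input does not look like auditctl -s output")
    return status

def audit_findings(status):
    """Hypothetical health check over a parsed status dict."""
    findings = []
    if status["enabled"] == 0:
        findings.append("auditing disabled")
    if status.get("pid", 0) == 0:
        findings.append("no audit daemon registered")
    if status.get("lost", 0) > 0:
        findings.append("%d audit events lost" % status["lost"])
    limit = status.get("backlog_limit", 0)
    if limit and status.get("backlog", 0) >= limit:
        findings.append("backlog at limit")
    return findings
```

A non-zero `lost` counter, as in the RHEL6 sample, means the kernel dropped audit records, so the audit log has gaps for that period.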