Audit Conf files parsers¶

The auditd.conf file is a standard key = value file with hash comments. Active settings are provided using the get_active_settings_value method or by using the dictionary contains functionality.

The audispd.conf file has the same format and usage with auditd.conf.

Note

For Red Hat Enterprise Linux 7 and older, auditd and audispd are separate processes. Starting with Red Hat Enterprise Linux 8 the functionality of audispd has been migrated to auditd.

AuditdConf - file `/etc/audit/auditd.conf`¶

AudispdConf - file `/etc/audisp/audispd.conf`¶

Example

>>> conf = shared[AuditdConf]
>>> conf.get_active_setting_value('log_group')
'root'
>>> 'log_file' in conf
True

class insights.parsers.auditd_conf.AudispdConf(*args, **kwargs)[source]¶: Bases: insights.parsers.auditd_conf.AuditConfParser

class insights.parsers.auditd_conf.AuditConfParser(*args, **kwargs)[source]¶

Bases: insights.core.Parser

A parser for accessing plain “key=value” configuration files, eg: /etc/audit/auditd.conf.

get_active_setting_value(setting_name)[source]¶

Access active setting value by setting name.

Parameters:	setting_name (string) -- Setting name

parse_content(content)[source]¶

Main parsing class method which stores all interesting data from the content.

Parameters:	content (context.content) -- Parser context content

class insights.parsers.auditd_conf.AuditdConf(*args, **kwargs)[source]¶: Bases: insights.parsers.auditd_conf.AuditConfParser

Audit Conf files parsers¶

AuditdConf - file /etc/audit/auditd.conf¶

AudispdConf - file /etc/audisp/audispd.conf¶

AuditdConf - file `/etc/audit/auditd.conf`¶

AudispdConf - file `/etc/audisp/audispd.conf`¶