Audit Conf files parsers
The auditd.conf file is a standard key = value file with hash comments. Active settings are read with the get_active_setting_value method or tested for presence with the dictionary-style "in" operator.
The audispd.conf file has the same format and usage as auditd.conf.
Note
For Red Hat Enterprise Linux 7 and older, auditd and audispd are separate processes. Starting with Red Hat Enterprise Linux 8 the functionality of audispd has been migrated to auditd.
AuditdConf - file /etc/audit/auditd.conf
AudispdConf - file /etc/audisp/audispd.conf
Example
>>> conf = shared[AuditdConf]
>>> conf.get_active_setting_value('log_group')
'root'
>>> 'log_file' in conf
True
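The lookups above can be reproduced without the insights framework. The following is an added example, not code from insights-core: the ActiveSettings class, the deviations helper, the sample file content and the last-occurrence-wins rule for repeated keys are all assumptions made for illustration. It shows that a commented-out setting is not active and that a later duplicate line changes the value a check will see.

```python
# Constructed sample input, not taken from a real host.
SAMPLE_AUDITD_CONF = """\
# This file controls the configuration of the audit daemon
log_file = /var/log/audit/audit.log
log_group = root
#log_format = RAW
max_log_file=8

  space_left_action = SYSLOG
this line has no separator
log_group = adm
"""


class ActiveSettings:
    """Hypothetical helper mirroring the lookup style shown in the example above."""

    def __init__(self, text):
        self.settings = {}
        self.skipped = []  # non-comment lines that are not "key = value"
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank line or hash comment: not an active setting
            key, sep, value = line.partition("=")
            if not sep or not key.strip():
                self.skipped.append(raw)
                continue
            # Assumption: when a key repeats, the last occurrence wins.
            self.settings[key.strip()] = value.strip()

    def get_active_setting_value(self, name):
        return self.settings[name]

    def __contains__(self, name):
        return name in self.settings


def deviations(conf, expected):
    """Return {key: (expected, actual)} for differing settings; actual is None if unset."""
    out = {}
    for key, want in expected.items():
        have = conf.get_active_setting_value(key) if key in conf else None
        if have != want:
            out[key] = (want, have)
    return out
```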
- class insights.parsers.auditd_conf.AudispdConf(*args, **kwargs)
Bases: AuditConfParser
- class insights.parsers.auditd_conf.AuditConfParser(*args, **kwargs)
Bases: Parser
A parser for accessing plain “key=value” configuration files, e.g. /etc/audit/auditd.conf.
- class insights.parsers.auditd_conf.AuditdConf(*args, **kwargs)
Bases: AuditConfParser