403Webshell
Server IP : 172.67.216.182  /  Your IP : 162.158.171.28
Web Server : Apache
System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /lib/python3/dist-packages/sos/report/plugins/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /lib/python3/dist-packages/sos/report/plugins/auditd.py
# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.

from sos.report.plugins import Plugin, IndependentPlugin


class Auditd(Plugin, IndependentPlugin):

    short_desc = 'Audit daemon information'

    plugin_name = 'auditd'
    profiles = ('system', 'security')

    packages = ('audit',)

    def setup(self):
        self.add_copy_spec([
            "/etc/audit/auditd.conf",
            "/etc/audit/audit.rules",
            "/etc/audit/audit-stop.rules",
            "/etc/audit/rules.d/",
            "/etc/audit/plugins.d/",
            "/etc/audisp/",
        ])
        self.add_cmd_output([
            "ausearch --input-logs -m avc,user_avc,fanotify -ts today",
            "auditctl -s",
            "auditctl -l"
        ])

        config_file = "/etc/audit/auditd.conf"
        log_file = "/var/log/audit/audit.log"
        try:
            with open(config_file, 'r') as cf:
                for line in cf.read().splitlines():
                    if not line:
                        continue
                    words = line.split('=')
                    if words[0].strip() == 'log_file':
                        log_file = words[1].strip()
        except IOError as error:
            self._log_error('Could not open conf file %s: %s' %
                            (config_file, error))

        if not self.get_option("all_logs"):
            self.add_copy_spec(log_file)
        else:
            self.add_copy_spec(log_file+'*')

# vim: set et ts=4 sw=4 :

Youez - 2016 - github.com/yon3zu
LinuXploit