Troglodyne-Internet-Widgets / Audit-Log-perl

perl parser of auditd logs
MIT License

Testing utilities: Check for unintended consequences of blocks #4

Open teodesian opened 2 years ago

teodesian commented 2 years ago

Checking for unexpected occurrences since the beginning of a block, over a whole file or during the entire harness run could be quite useful.

teodesian commented 2 years ago

Primary open question: how to know auditd has flushed the log? I suppose I could touch a tmpfile and wait for it to roll in.

Even then that doesn't account for spooky-action-at-a-distance, such as that caused by code which shoves things into a batch executor's queue. I'll make sure to note in the log that handling such is to be left as an exercise for the reader.

teodesian commented 2 years ago

Aside from that it'll have to be a full-blown config file rather than an ignore file for a harness plugin.
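A sketch of the sentinel idea from the second comment, as an added example that is not part of the thread or of Audit-Log-perl's code: a harness records the log offset when a block starts, touches a watched file when the block ends, and polls until a record naming that file appears. Assumptions: the `wait_for_sentinel` helper, the sentinel path and the log lines are constructed for illustration, an audit watch rule already covers the sentinel path, and auditd writes the path unencoded as `name="..."`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Time::HiRes qw(sleep time);
use File::Temp qw(tempfile);

# Return the audit event serial of the first record naming $sentinel found at
# or after byte $offset of $log, or undef if none appears within $timeout seconds.
sub wait_for_sentinel {
    my ($log, $sentinel, $offset, $timeout) = @_;
    my $deadline = time() + $timeout;
    while (1) {
        open(my $fh, '<', $log) or die "open $log: $!";
        # A rotated log is shorter than the saved offset: rescan from the start.
        my $size = (stat $fh)[7];
        $offset = 0 if $size < $offset;
        seek($fh, $offset, 0);
        while (my $line = <$fh>) {
            last unless $line =~ /\n\z/;    # partial line: writer is mid-record
            $offset = tell($fh);            # only advance past complete lines
            next unless index($line, qq{name="$sentinel"}) >= 0;
            return $1 if $line =~ /msg=audit\(\d+\.\d+:(\d+)\)/;
        }
        close($fh);
        return undef if time() >= $deadline;
        sleep(0.1);
    }
}

# Constructed demo: a temp file stands in for the real audit log.
my ($out, $log) = tempfile(UNLINK => 1);
my $sentinel = '/tmp/audit-sentinel/marker';    # hypothetical watched path
print {$out} qq{type=SYSCALL msg=audit(1700000000.101:900): arch=c000003e syscall=257 success=yes comm="prove"\n};
my $start = tell($out);    # offset a harness would record when the block begins
print {$out} qq{type=PATH msg=audit(1700000000.250:901): item=0 name="/etc/hosts" nametype=NORMAL\n};
print {$out} qq{type=PATH msg=audit(1700000000.300:902): item=1 name="$sentinel" nametype=CREATE\n};
close($out);

my $serial = wait_for_sentinel($log, $sentinel, $start, 2);
print defined $serial ? "flushed through event $serial\n" : "timed out\n";
```

Records between the saved offset and the returned serial are the ones to check for unexpected events; as the thread notes, work queued to another executor can still land after the sentinel.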