Event generator
Paul Moore
paul at paul-moore.com
Fri Jan 20 13:35:03 UTC 2017
On Fri, Jan 20, 2017 at 8:04 AM, Burn Alting <burn at swtf.dyndns.org> wrote:
> Does anyone know of an exhaustive auditd event generator.
>
> I am aware of ausearch-test and audit-validation but I am looking for a
> script or the like that will generate an exhaustive as possible set of
> events - both success and failure.
>
> Basically, I am looking at a script that, once an 'auditctl ... -S
> all ...' has been enabled, will attempt to generate one of every
> syscall. Both success/fail.
>
> Something separate could do the the USER_, CRYPTO_ DAEMON_, SERVICE_,
> CONFIG_ filewatch, etc events as well.
>
> Thanks in advance.
The two audit test suites I'm aware of are the Common Criteria focused
audit-test[1] and the more recent, and much more meager
audit-testsuite[2] that we use for simple kernel patch validation and
regression testing.
[1] https://sourceforge.net/projects/audit-test
[2] https://github.com/linux-audit/audit-testsuite
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list