On Fri, Jan 20, 2017 at 8:04 AM, Burn Alting <burn(a)swtf.dyndns.org> wrote:
> Does anyone know of an exhaustive auditd event generator?
> I am aware of ausearch-test and audit-validation but I am looking for a
> script or the like that will generate as exhaustive as possible a set of
> events - both success and failure.
> Basically, I am looking at a script that, once an 'auditctl ... -S
> all ...' has been enabled, will attempt to generate one of every
> syscall. Both success/fail.
> Something separate could do the USER_, CRYPTO_, DAEMON_, SERVICE_,
> CONFIG_ filewatch, etc. events as well.
> Thanks in advance.

The two audit test suites I'm aware of are the Common Criteria focused
audit-test[1] and the more recent, and much more meager
audit-testsuite[2] that we use for simple kernel patch validation and
regression testing.

[1] https://sourceforge.net/projects/audit-test
[2] https://github.com/linux-audit/audit-testsuite

--
paul moore
www.paul-moore.com