2017.06.19 23:55, Steve Grubb wrote:
> I have released the audit-explorer shiny app that I have been demo'ing this spring:
> https://github.com/stevegrubb/audit-explorer

Very nice, thanks for sharing!

Now if we are talking about tools, is there somewhere (maybe on your shelf? :-) ) a conveniently configurable tool for generating daily plaintext (or HTML) reports that could be sent via email from the machine you are interested in?

For example, I had to build a custom bash script at work that uses ausearch, aureport and even grep (for AppArmor events, since it has issues with its audit messages) to aggregate the most interesting audit records (for example, with -k apache_user_executed_binaries, non-root executed something as root, failed logins and such) and sends it via email every day.

Though it is not that complicated to fill your .sh with a bunch of ausearch/aureport/grep calls, it feels like I'm reimplementing something...
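
A minimal shape for the kind of daily digest script described in this message, as an added example that is not the poster's script or part of the audit project. The rule key comes from the message; the recipient address, the variable and function names, and the use of `mail` for delivery are assumptions.

```bash
#!/bin/sh
# Added example: daily audit digest built from ausearch, aureport and grep.
# Recipient, key list and function names are assumptions, not from the thread.
AUDIT_LOG="${AUDIT_LOG:-/var/log/audit/audit.log}"          # default auditd log
REPORT_KEYS="${REPORT_KEYS:-apache_user_executed_binaries}" # space-separated -k keys
MAILTO="${MAILTO:-secops@example.com}"                      # placeholder recipient

section() { printf '\n== %s ==\n' "$1"; }

# Interpreted (-i) records for one audit rule key, yesterday only.
# ausearch exits non-zero when nothing matches, so say so explicitly
# instead of leaving an empty section in the mail.
key_events() {
    ausearch -i -k "$1" --start yesterday --end today 2>/dev/null \
        || echo "(no records)"
}

# Failed logins for the same window.
failed_logins() {
    aureport -i -l --failed --start yesterday --end today 2>/dev/null \
        || echo "(aureport returned an error)"
}

# AppArmor denials pulled with grep, as in the message above.
# This scans the whole current log file, not only yesterday's records.
apparmor_denials() {
    grep -F 'apparmor="DENIED"' "$AUDIT_LOG" 2>/dev/null || echo "(no records)"
}

build_report() {
    printf 'Audit digest for %s\n' "$(uname -n)"
    for key in $REPORT_KEYS; do
        section "key: $key"
        key_events "$key"
    done
    section "failed logins"
    failed_logins
    section "AppArmor denials"
    apparmor_denials
}

# Send only when asked, so the functions can be sourced and checked first.
if [ "${1:-}" = "--send" ]; then
    build_report | mail -s "Audit digest: $(uname -n)" "$MAILTO"
fi
```

Run from cron with `--send`; without it the script sends nothing, so `build_report` can be called by hand to preview the digest.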