Richard,

I have yet to start using the test suite, but I am looking for a Linux auditd testing capability which will provide

- a human readable description of the user or system entity's interaction with Linux for a given test
- the commands that enact the above test
- the resultant auditd file which I can run through ausearch -i/aushape for processing

And generate this for each possible event and event sub-variant (e.g. iterate over all syscalls and variants) that the Linux kernel and other mainstream utilities can generate.

I have been through https://sourceforge.net/projects/audit-test/ but this is problematic as it was difficult to get all the above AND pump the output into ausearch -i as it was processing.

Rgds


On Sun, 2017-05-07 at 12:43 -0400, Richard Guy Briggs wrote:
Hi folks,

We're trying to get an idea of how many users there are for the
relatively new https://github.com/linux-audit/audit-testsuite and how
they are using it or would like to use it to help inform decisions about
how to manage the suite so that it is still useful to us but does not prevent
some other unforeseen reasonable use cases.

Who is using it?

How/Why?


Thanks!


- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit