On Saturday, January 21, 2017 12:04:53 AM EST Burn Alting wrote:
> Does anyone know of an exhaustive auditd event generator?
There really isn't one. I have only been able to collect about 73 of the ~160
record types. Some are really hard to generate, such as the integrity events.
Some have barely been used, like the response events.
> I am aware of ausearch-test and audit-validation but I am looking for a
> script or the like that will generate an exhaustive as possible set of
> events - both success and failure.
> Basically, I am looking at a script that, once an 'auditctl ... -S
> all ...' has been enabled, will attempt to generate one of every
> syscall. Both success/fail.
Nothing does that, but the Linux Test Project has a syscall test suite that
should exercise almost all positive and negative. I don't think you want to do
an auditctl -S all. That would be way too much. Also, some syscalls are
deprecated and there just for legacy purposes. Glibc won't let you get to it.
And there are syscalls that glibc does not support and you have to call via
the syscall(3) function.
> Something separate could do the USER_, CRYPTO_, DAEMON_, SERVICE_,
> CONFIG_, filewatch, etc. events as well.
The audit test suite Paul mentioned will generate some of these events.
However, Common Criteria testing is not exhaustive. It only covers events
normally found in daily sysadmin activity.
I think it would be a big help if anyone were to create such a generator.
-Steve
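As an added illustration of the success/failure probe idea discussed above (not code from this thread, from LTP or from the audit project): a small C generator that invokes each probed syscall through syscall(3), so the SYSCALL record carries exactly the syscall number exercised rather than whatever a glibc wrapper chose, and runs a success variant and an expected-failure variant of each. The probe table, the nonexistent path and the choice of syscalls are assumptions constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* A probe pairs a call expected to succeed with a call expected to fail with
 * a known errno; both go through syscall(3), independent of glibc wrappers. */
struct probe {
    const char *name;
    long (*ok)(void);   /* expected to return >= 0 */
    long (*fail)(void); /* expected to return -1 with errno == want_errno */
    int want_errno;
};

static long openat_ok(void) {
    long fd = syscall(SYS_openat, AT_FDCWD, "/dev/null", O_RDONLY);
    if (fd >= 0) syscall(SYS_close, fd);
    return fd;
}
static long openat_fail(void) { /* constructed path that must not exist */
    return syscall(SYS_openat, AT_FDCWD, "/nonexistent-audit-probe", O_RDONLY);
}
static long pipe2_ok(void) {
    int fds[2];
    long r = syscall(SYS_pipe2, fds, 0);
    if (r == 0) { syscall(SYS_close, fds[0]); syscall(SYS_close, fds[1]); }
    return r;
}
static long pipe2_fail(void) { /* NULL result pointer: kernel reports EFAULT */
    return syscall(SYS_pipe2, (int *)0, 0);
}

/* Assumed probe table; extend with one entry per syscall under test. */
static const struct probe probes[] = {
    { "openat", openat_ok, openat_fail, ENOENT },
    { "pipe2",  pipe2_ok,  pipe2_fail,  EFAULT },
};

/* Returns 0 when both variants of the probe behaved as expected. */
int run_probe(const struct probe *p) {
    if (p->ok() < 0) return 1;
    return (p->fail() == -1 && errno == p->want_errno) ? 0 : 2;
}
/* Runs every probe; returns how many gave an unexpected result. */
int run_all_probes(void) {
    int bad = 0;
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++)
        bad += run_probe(&probes[i]) != 0;
    return bad;
}
```

With a rule such as `auditctl -a always,exit -F arch=b64 -S openat -S pipe2` loaded, each probe should yield one SYSCALL record with success=yes and one with success=no, which is what makes a run of the table useful for checking rule coverage.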