inspec hangs on command('ausearch -k docker').stdout #768
Comments
An addition: I tested with
@atomic111 Thanks for reporting that issue. This sounds strange. Is the following working?
I found the solution. I have to add the parameter --input-logs like this. The explanation is that ausearch with --input-logs reads the location of the log file from the auditd.conf and not from stdin.
@chris-rock thanks for your help
Thanks @atomic111 for the quick turn-around. This is really good to know.
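The hang and the fix discussed in this thread, reproduced offline as an added example (not code from the InSpec project or from the commenters). FAKE_AUSEARCH is a constructed shell stand-in that models only the behaviour reported here, and run_with_piped_stdin and ausearch_argv are hypothetical helper names.

```ruby
require 'open3'
require 'timeout'

# Constructed stand-in for ausearch (assumption: it models only the behaviour
# reported in this thread). With --input-logs it prints a sample record; without
# it, and with stdin not a terminal, it waits on stdin until EOF.
FAKE_AUSEARCH = [
  'sh', '-c', <<~'SH', 'ausearch'
    for a in "$@"; do
      if [ "$a" = "--input-logs" ]; then echo 'type=SYSCALL key="docker"'; exit 0; fi
    done
    [ -t 0 ] || cat >/dev/null
  SH
].freeze

# Hypothetical helper: run argv the way a remote runner does, with stdin attached
# to a pipe that is never closed, and give up after `seconds` instead of hanging.
# Returns [stdout, :ok] or ['', :timeout].
def run_with_piped_stdin(argv, seconds)
  stdin, stdout, waiter = Open3.popen2(*argv)
  Timeout.timeout(seconds) { [stdout.read, :ok] }
rescue Timeout::Error
  Process.kill('KILL', waiter.pid)
  ['', :timeout]
ensure
  # Closing stdin also releases any child still blocked reading it.
  [stdin, stdout].each { |io| io.close if io && !io.closed? }
  waiter&.join
end

# Argument vector for the real tool, carrying the flag from this thread.
# Passing an argv array (not a string) keeps the key out of shell parsing.
def ausearch_argv(key, binary = ['ausearch'])
  binary + ['--input-logs', '-k', key]
end

if __FILE__ == $PROGRAM_NAME
  # Without the flag the stand-in waits on the open pipe until the timeout fires.
  p run_with_piped_stdin(FAKE_AUSEARCH + ['-k', 'docker'], 0.5)
  # With the flag it ignores stdin and returns its record immediately.
  p run_with_piped_stdin(ausearch_argv('docker', FAKE_AUSEARCH), 5)
end
```

The timeout guard is useful in compliance runs generally: a check that blocks on stdin otherwise stalls the whole profile with no error to act on.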
Description
I connect via inspec shell -t ssh://vagrant@127.0.0.1 --port 2201 --key-files vm_docker/.vagrant/machines/centos7/virtualbox/private_key --sudo to a vagrant box and want to execute command('ausearch -k docker').stdout to get the audit log for the docker process.
InSpec and Platform Version
0.21.1
Replication Case
Install auditd and start the daemon. My config looks like this:
auditd.conf
audit.rules
It looks like the ausearch tool cannot query the auditd daemon, because if I use
command('sh -c "ausearch -k docker > output.log"').stdout
then it creates the output.log, but it is empty.