Bug 2059088 - More robust handling of the --input flag for audit CLI tools, e.g. aureport
Summary: More robust handling of the --input flag for audit CLI tools, e.g. aureport
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: audit
Version: 9.0
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Sergio Correia
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-02-28 07:49 UTC by Apurbita Mukherjee
Modified: 2023-07-29 07:28 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Feature Request
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | RHELPLAN-113952 | 0 | None | None | None | 2022-02-28 07:56:07 UTC
Red Hat Issue Tracker | SECENGSP-4384 | 0 | None | None | None | 2022-02-28 07:56:10 UTC

Comment 1 Steve Grubb 2022-02-28 13:46:01 UTC
The ausearch/aureport applications support being passed a directory. The naming scheme for all of auditd's logs is that they have a number appended to the file name to indicate an ordering. The file name must match the filename in auditd.conf's log_file config option. Typically it's audit.log. The number appended is sequential with the largest number being the oldest log. In the case that the log is the current log being written to, it shall not have a number appended. If the files conform to this, it works today.

The only problem comes when someone decides they want to reorganize the files by appending some other numbering scheme to the files. How do you accommodate all possible numbering schemes?
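The naming convention described in Comment 1, as an added example (not code from the audit project or from the commenter): a pre-flight check that orders a directory's logs oldest-first and lists the names that fall outside the scheme. The function names, the default base name `audit.log`, the rejection of zero-padded suffixes and the sample directory are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

def order_audit_logs(directory, base="audit.log"):
    """Return (ordered, rejected, gaps) for the logs found in `directory`.

    ordered  - conforming file names, oldest first, current log last
    rejected - names that start with `base` but carry some other suffix
    gaps     - rotation numbers missing from the 1..max sequence
    """
    # Assumption: a rotation suffix is a plain decimal without zero padding.
    rotated = re.compile(re.escape(base) + r"\.([1-9]\d*)")
    has_current, numbered, rejected = False, {}, []
    for entry in Path(directory).iterdir():
        if not entry.is_file():
            continue
        match = rotated.fullmatch(entry.name)
        if entry.name == base:
            has_current = True            # log currently being written
        elif match:
            numbered[int(match.group(1))] = entry.name
        elif entry.name.startswith(base):
            rejected.append(entry.name)   # some other numbering scheme
    # Largest number is the oldest log, so sort numerically, descending.
    ordered = [numbered[n] for n in sorted(numbered, reverse=True)]
    if has_current:
        ordered.append(base)
    top = max(numbered, default=0)
    gaps = [n for n in range(1, top + 1) if n not in numbered]
    return ordered, sorted(rejected), gaps

def demo():
    """Run the check over a constructed directory of empty sample files."""
    names = ["audit.log", "audit.log.1", "audit.log.2", "audit.log.10",
             "audit.log.2022-02-27", "audit.log.4.gz", "messages"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).touch()
        return order_audit_logs(tmp)

if __name__ == "__main__":
    ordered, rejected, gaps = demo()
    print("read order :", ordered)
    print("rejected   :", rejected)
    print("missing    :", gaps)
```

A non-empty rejected or missing list means the directory no longer follows the scheme described above, so any report built from it may not cover every log file.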