On Fri, Jan 20, 2017 at 8:04 AM, Burn Alting <[email protected]> wrote: > Does anyone know of an exhaustive auditd event generator. > > I am aware of ausearch-test and audit-validation but I am looking for a > script or the like that will generate an exhaustive as possible set of > events - both success and failure. > > Basically, I am looking at a script that, once an 'auditctl ... -S > all ...' has been enabled, will attempt to generate one of every > syscall. Both success/fail. > > Something separate could do the the USER_, CRYPTO_ DAEMON_, SERVICE_, > CONFIG_ filewatch, etc events as well. > > Thanks in advance.
The two audit test suites I'm aware of are the Common Criteria focused audit-test[1] and the more recent, and much more meager audit-testsuite[2] that we use for simple kernel patch validation and regression testing. [1] https://sourceforge.net/projects/audit-test [2] https://github.com/linux-audit/audit-testsuite -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
