Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ausearch spec takes auditd "log_file" as input #4186

Merged
merged 0 commits into from
Aug 13, 2024
Merged

fix: ausearch spec takes auditd "log_file" as input #4186

merged 0 commits into from
Aug 13, 2024

Conversation

xiangce
Copy link
Contributor

@xiangce xiangce commented Aug 9, 2024
edited
Loading

  • add '--input-logs' opiton to use the 'log_file' set in auditd.conf
    as input for searching. Without this the ausearch uses stdin
    as input and hence it eats the input from the following bash
    pipe
  • fix RHINENG-11883

All Pull Requests:

Check all that apply:

  • Have you followed the guidelines in our Contributing document, including the instructions about commit messages?
  • Is this PR to correct an issue?
  • Is this PR an enhancement?

@xiangce xiangce changed the title fix: ausearch spec takes audit.log as input instead of stdin fix: ausearch spec takes audit.log as input Aug 9, 2024
@xiangce xiangce changed the title fix: ausearch spec takes audit.log as input fix: ausearch spec takes auditd "log_file" as input Aug 9, 2024
@sayan3296 sayan3296 mentioned this pull request Aug 9, 2024
Merged
ekohl
ekohl reviewed Aug 9, 2024
View reviewed changes
Copy link

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest to enhance simple_command to close stdin to avoid this class of bugs in the future.

@xiangce xiangce mentioned this pull request Aug 9, 2024
Closed
@xiangce
Copy link
Contributor Author

xiangce commented Aug 9, 2024

I'd suggest to enhance simple_command to close stdin to avoid this class of bugs in the future.

Good suggestion, filed issue #4187 and will update it soon

@xiangce xiangce requested a review from JoySnow August 12, 2024 08:37
@xiangce
Copy link
Contributor Author

xiangce commented Aug 13, 2024

To fix the specific issue asap, I go ahead and merge this PR first.

@xiangce xiangce merged commit 35979ee into master Aug 13, 2024
9 of 12 checks passed
@xiangce xiangce deleted the RHINENG-11883 branch August 13, 2024 07:13
chenlizhong pushed a commit that referenced this pull request Aug 15, 2024
@xiangce @chenlizhong
fix: ausearch spec takes audit.log as input instead of stdin (#4186)
c1c538d 
- add '--input-log' to use the 'log_file' set in auditd.conf
  as input for searching. Without this the ausearch uses stdin
  as input and hence it eats the input from the following bash
  pipe
- fix RHINENG-11883

Signed-off-by: Xiangce Liu <[email protected]>
(cherry picked from commit 35979ee)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl left review comments

@JoySnow JoySnow JoySnow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xiangce @ekohl @JoySnow