Status: Open
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

Description
Ref.: https://github.com/linux-audit/audit-documentation

SELinux
Ref.: https://selinuxproject.org/page/NB_AL
SELinux uses a format different from all other audit events.
I'm not going to support it now. If you are interested in SELinux
log pretty printing using audit_pretty, any help is appreciated.
- AVC
- USER_AVC
- MAC_POLICY_LOAD
- USER_MAC_POLICY_LOAD
- MAC_CONFIG_CHANGE
- MAC_STATUS
- MAC_UNLBL_STCADD
- MAC_IPSEC_EVENT
- SELINUX_ERR
- USER_ROLE_CHANGE
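The format difference mentioned above is the whole reason AVC records need separate handling: every other record body is a flat run of key=value pairs, while an SELinux AVC body starts with `avc: denied { perms } for` before its key=value fields begin. The following parser is an added illustration, not code from audit_pretty, and the two sample records in it are constructed (the field values are made up for the example):

```python
import re

# Constructed sample records in the two shapes a pretty printer has to handle:
# a kernel SYSCALL record (pure key=value) and an SELinux AVC record, whose
# body carries an "avc: denied { perms } for" prefix ahead of its fields.
SAMPLE_SYSCALL = ('type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e '
                  'syscall=2 success=no exit=-13 pid=27005 comm="cat" '
                  'exe="/bin/cat" key="sshd_config"')
SAMPLE_AVC = ('type=AVC msg=audit(1364481363.243:24287): avc:  denied  { read } '
              'for  pid=27005 comm="cat" name="sshd_config" dev=dm-0 ino=129 '
              'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
              'tcontext=system_u:object_r:etc_t:s0 tclass=file')

# Common envelope shared by all record types: type=<T> msg=audit(<secs>:<serial>): <body>
HEADER = re.compile(r'^type=(?P<type>\S+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
# SELinux-specific prefix; the kernel pads it with double spaces, hence \s+.
AVC_PREFIX = re.compile(r'^avc:\s+(?P<result>granted|denied)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
# key=value pairs: quoted values may contain spaces, unquoted ones may not.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(text):
    """Return the key=value pairs of a record body as a dict, quotes stripped."""
    return {key: value.strip('"') for key, value in KV.findall(text)}


def parse_record(line):
    """Parse one audit line into a dict; AVC bodies also get result/permissions.

    Nested msg='...' bodies of user-space records (USER_*, CRED_*) get no
    special treatment here; they are scanned like any other key=value run.
    """
    match = HEADER.match(line.strip())
    if match is None:
        raise ValueError(f'not an audit record: {line!r}')
    record = {'type': match['type'], 'timestamp': float(match['ts']),
              'serial': int(match['serial'])}
    body = match['body']
    avc = AVC_PREFIX.match(body) if record['type'] == 'AVC' else None
    if avc is None:
        # Generic records, and AVC status messages that lack the denied/granted prefix.
        record['fields'] = parse_kv(body)
    else:
        record['result'] = avc['result']
        record['permissions'] = avc['perms'].split()
        record['fields'] = parse_kv(avc['rest'])
    return record
```

Both samples share the same serial number, which is how a consumer correlates the AVC line with the SYSCALL line of the same event.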

AppArmor
- AVC (Policy violations)
- AVC (Status messages)

System lifecycle events
- SYSTEM_BOOT
- SYSTEM_RUNLEVEL
- DAEMON_START
- DAEMON_ABORT
- SERVICE_START (systemd)
- SERVICE_STOP (systemd)
- SERVICE_START (openrc)
- SERVICE_STOP (openrc)
- SYSTEM_SHUTDOWN
- DAEMON_END

User account lifecycle events
- ADD_USER
- USER_MGMT
- USER_CHAUTHTOK
- ROLE_ASSIGN
- ROLE_REMOVE
- DEL_USER
- ADD_GROUP
- GRP_MGMT
- GRP_CHAUTHTOK
- DEL_GROUP

User login lifecycle events
- CRYPTO_KEY_USER
- CRYPTO_SESSION
- USER_AUTH
- LOGIN
- USER_ACCT
- USER_CHAUTHTOK
- USER_ERR
- CRED_ACQ
- USER_ROLE_CHANGE
- USER_START
- USER_LOGIN
- CRED_REFR
- GRP_AUTH
- CHUSER_ID
- CHGRP_ID
- USER_LOGOUT
- USER_END
- CRED_DISP
- ANOM_LOGIN_FAILURES
- ANOM_LOGIN_TIME
- ANOM_LOGIN_SESSIONS
- ANOM_LOGIN_ACCT
- ANOM_LOGIN_LOCATION

Virt. manager guest lifecycle events
- VIRT_MACHINE_ID
- VIRT_INTEGRITY_CHECK
- VIRT_RESOURCE
- VIRT_CONTROL

Seccomp violation notifications

Generic record types
- PROCTITLE
- SYSCALL
- PATH
- CWD
This list is incomplete. More types are listed here.