Last modified on 02.07.2012 21:03:31

cfauditdump

Version 0.9 is out

Release 0.9 is ready for download and build.

This is the initial release of the tool.

Description

This tool dumps the audit database kept by cfengine 2.x (a 3.x database works as well, as long as it is in BerkeleyDB format) as YAML.

Processing cfengine's audit database is better than parsing its logs: the database has a fixed format that does not change depending on which tools are in use, whereas log lines do. Hence I find the audit database a machine-processable and reliable record of what cfengine did on a host.

Application internals (including the audit database structure) are documented here: http://dozzie.jarowit.net/api/cfauditdump/

TODO

  • Tokyo Cabinet support (newer CFEngine 3.x releases)

How to download

git clone http://dozzie.jarowit.net/code/cfauditdump.git

How to install

NOTE: The installation process is tested only for building packages. If you want to make a mess of your system by bypassing the package manager, you are on your own.

You need the usual package-building tools for your distribution: rpm-build (for RPMs) or dpkg-dev with fakeroot (for DEBs).

Red Hat

  1. Prepare the source RPM (non-root privileges are fine here)
    make srpm
    
  2. Build the binary RPM (unless you have set up rpmbuild for building as non-root, you need to be root here)
    rpmbuild --rebuild cfauditdump-*.src.rpm
    
  3. Install the package with its dependencies (the exact path is printed by the previous step); most probably it will be located in /usr/src/redhat/RPMS/noarch/cfauditdump-*.rpm

Debian

  1. Build the binary package
    dpkg-buildpackage -b -uc
    
  2. Install the package (../cfauditdump_*.deb) with its dependencies
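The Red Hat and Debian procedures above, folded into one script as an added example (this is not code from cfauditdump or from this page). It picks the package type from /etc/os-release, builds the RPM as an unprivileged user in a private _topdir instead of /usr/src/redhat, takes the package path from rpmbuild's own "Wrote:" line rather than guessing it, lists the package contents before anything is installed, and installs with dependency resolution. The only commands taken from the page are make srpm and dpkg-buildpackage -b -uc; the os-release probe, the helper names and the assumption that make srpm leaves cfauditdump-*.src.rpm in the checkout directory are this script's own.

```shell
#!/bin/sh
# Added example, not part of cfauditdump: build and install the tool as a
# native package on Red Hat or Debian family systems.
# Assumptions (not stated on the page): /etc/os-release exists, and
# "make srpm" writes cfauditdump-*.src.rpm into the checkout directory.
set -eu

# Classify the host as rpm/deb/unknown from an os-release file. The path is a
# parameter so the classification can be checked against a constructed file.
pkg_family() {
    osrel="${1:-/etc/os-release}"
    ids=$(sed -n 's/^ID=//p; s/^ID_LIKE=//p' "$osrel" | tr -d '"' | tr '\n' ' ')
    case " $ids " in
        *" rhel "*|*" fedora "*|*" centos "*) echo rpm ;;
        *" debian "*|*" ubuntu "*)            echo deb ;;
        *)                                    echo unknown ;;
    esac
}

# Red Hat path: make srpm, then rebuild into a private _topdir so no root is
# needed and nothing lands under /usr/src/redhat. Prints the binary RPM path
# parsed from rpmbuild's "Wrote: ..." output.
build_rpm() {
    src="$1"
    top=$(mktemp -d)
    mkdir -p "$top/BUILD" "$top/RPMS" "$top/SOURCES" "$top/SPECS" "$top/SRPMS"
    (cd "$src" && make srpm)
    rpmbuild --rebuild --define "_topdir $top" "$src"/cfauditdump-*.src.rpm \
        | sed -n 's/^Wrote: //p' | grep -v '\.src\.rpm$'
}

# Debian path: unsigned binary-only build; dpkg-buildpackage writes the .deb
# into the parent directory of the checkout.
build_deb() {
    src="$1"
    (cd "$src" && dpkg-buildpackage -b -uc)
    ls "$src"/../cfauditdump_*.deb
}

# Show what the package will put on the system before installing it.
show_contents() {
    case "$1" in
        *.rpm) rpm -qlp "$1" ;;
        *.deb) dpkg-deb -c "$1" ;;
    esac
}

# Install with the distribution's dependency resolver (needs root).
install_pkg() {
    case "$1" in
        *.rpm)
            if command -v dnf >/dev/null 2>&1; then dnf install -y "$1"
            else yum localinstall -y "$1"; fi ;;
        *.deb)
            dpkg -i "$1" || apt-get install -f -y ;;
    esac
}

main() {
    case $(pkg_family) in
        rpm) pkg=$(build_rpm "$1") ;;
        deb) pkg=$(build_deb "$1") ;;
        *)   echo "unsupported distribution; follow the manual steps" >&2; return 1 ;;
    esac
    show_contents "$pkg"
    install_pkg "$pkg"
}

if [ $# -eq 1 ]; then
    main "$1"
else
    echo "usage: $0 /path/to/cfauditdump-checkout" >&2
fi
```

Run it as root only for the install step if you prefer: build_rpm and build_deb work as a normal user, and the package path they print can be handed to install_pkg under sudo separately.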