:py:mod:`dissect.target.plugins.os.unix.log.audit`
==================================================

.. py:module:: dissect.target.plugins.os.unix.log.audit


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.log.audit.AuditPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.log.audit.AuditRecord
   dissect.target.plugins.os.unix.log.audit.AUDIT_REGEX


.. py:data:: AuditRecord

.. py:data:: AUDIT_REGEX

.. py:class:: AuditPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Unix audit log plugin.

   .. py:attribute:: log_paths
      :value: []

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the
      current target (``self.target``). For example, check if a certain file exists.
      Otherwise it should raise an :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: get_log_paths() -> list[pathlib.Path]

   .. py:method:: audit() -> collections.abc.Iterator[AuditRecord]

      Return CentOS and RedHat audit information stored in ``/var/log/audit*``.

      The audit log file on a Linux machine stores security-relevant information,
      selected by pre-configured rules. Log messages consist of space-delimited
      ``key=value`` pairs.

      .. rubric:: References

      - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing
      - https://linux-audit.com/linux-audit-log-files-in-var-log-audit/
      - https://man7.org/linux/man-pages/man8/auditd.8.html
      - https://man7.org/linux/man-pages/man8/ausearch.8.html
      - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-understanding_audit_log_files
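The page names ``AUDIT_REGEX`` but does not show it, so the following is an added example parser for the space-delimited ``key=value`` format described above; it is not the plugin's own code. It splits the ``msg=audit(<epoch>.<millis>:<serial>):`` header into a timestamp and serial, expands the nested single-quoted ``msg='...'`` block that ``USER_*`` records carry, and groups records sharing a serial into one event. The sample lines, regexes and function names are constructed for this example.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Any

# Constructed sample in auditd's native format: one syscall event (three records sharing
# serial 42) and one login record carrying a nested, single-quoted msg='...' block.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:42): arch=c000003e syscall=257 success=no exit=-13 uid=1000 auid=1000 comm="cat" exe="/usr/bin/cat" key="sshd-config"
type=CWD msg=audit(1700000000.123:42): cwd="/home/analyst"
type=PATH msg=audit(1700000000.123:42): item=0 name="/etc/ssh/sshd_config" inode=1337 mode=0100600 ouid=0 ogid=0
type=USER_LOGIN msg=audit(1700000001.500:43): pid=2211 uid=0 auid=1000 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=/dev/pts/0 res=success'
"""

# One key=value token; the value is double-quoted, single-quoted or a bare run of non-space.
# (Hypothetical regex written for this example, not the plugin's AUDIT_REGEX.)
KV_RE = re.compile(r"(?P<key>[\w-]+)=(?P<value>\"[^\"]*\"|'[^']*'|\S+)")
# The msg=audit(<epoch>.<millis>:<serial>): header present on every record.
HEADER_RE = re.compile(r"audit\((?P<sec>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):?")


def parse_audit_line(line: str) -> dict[str, Any]:
    """Parse one auditd record into a dict, expanding nested msg='...' blocks."""
    record: dict[str, Any] = {}
    for m in KV_RE.finditer(line.strip()):
        key, value = m.group("key"), m.group("value")
        header = HEADER_RE.fullmatch(value) if key == "msg" else None
        if header:
            # Integer arithmetic keeps the millisecond exact (no float rounding).
            base = datetime.fromtimestamp(int(header["sec"]), tz=timezone.utc)
            record["ts"] = base + timedelta(milliseconds=int(header["ms"]))
            record["serial"] = int(header["serial"])
        elif value.startswith("'") and value.endswith("'"):
            record.update(parse_audit_line(value[1:-1]))  # nested key=value block
        else:
            record[key] = value.strip('"')
    return record


def parse_audit_log(text: str) -> list[dict[str, Any]]:
    """Parse every non-empty line of an audit.log file."""
    return [parse_audit_line(line) for line in text.splitlines() if line.strip()]


def group_by_serial(records: list[dict[str, Any]]) -> dict[int, list[dict[str, Any]]]:
    """Records that share a serial (SYSCALL + CWD + PATH ...) belong to one event."""
    events: dict[int, list[dict[str, Any]]] = {}
    for record in records:
        events.setdefault(record["serial"], []).append(record)
    return events
```

Values are left as strings (``exit=-13`` stays ``"-13"``) because auditd fields such as ``mode`` and ``arch`` are hex or octal and need per-field interpretation before any numeric comparison.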