Skip to content

Update audit.rules #123

Update audit.rules

Update audit.rules #123

Workflow file for this run

# Auditd Config Testing
name: Auditd Syntax Checks
on:
# Triggers the workflow on push or pull request events but only for the "master" branch
push:
branches:
- master
pull_request:
branches:
- master
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
- name: Update package information
run: sudo apt update
- name: Install auditd
run: sudo apt install -y auditd
- name: Start auditd
run: if ! (systemctl is-active auditd); then sudo systemctl start auditd; fi
- name: Remove default rules
run: |
sudo ls -l /etc/audit/rules.d/
sudo rm /etc/audit/audit.rules
sudo rm -rf /etc/audit/rules.d
sudo mkdir /etc/audit/rules.d
- name: Copy rules file to rules directory
run: sudo cp $GITHUB_WORKSPACE/audit.rules /etc/audit/rules.d/
- name: Check rules
run: sudo augenrules --check 2>&1
# This will load the compiled rules file, check how many lines are in it, and display each line if successful
- name: Load rules
run: |
sudo augenrules --load 2>&1
sudo wc -l /etc/audit/audit.rules
sudo auditctl -l