component:
- audit
framework: beakerlib
require:
- url: https://gitlab.cee.redhat.com/special-projects/tests/audit
  name: /Library/testing
  type: library
- audit
adjust:
- enabled: false
  when: distro == rhel-4, rhel-5, rhel-6
  continue: false
contact:
- Ondrej Moris
description: |+
    Test that the log_format options of auditd work as expected.
    The log_format option describes how the information should be stored on disk.
    There are 2 options and 1 deprecated:
    * NOLOG - deprecated; if you are setting this format, you should now set
      the write_logs option to no;
    * RAW - the audit records will be stored in a format exactly as the
      kernel sends it (default);
    * ENRICHED - will resolve all uid, gid, syscall, architecture, and socket
      address information before writing the event to disk. This aids in
      making sense of events created on one system but reported/analyzed on
      another system.

duration: 5m
enabled: true
extra-nitrate: TC#0534813
extra-summary: /CoreOS/audit/Sanity/options-log-format
extra-task: /CoreOS/audit/Sanity/options-log-format
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1414812
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1406525
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382397
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1127343
recommend:
- audit
- audispd-plugins
- vim-common
summary: Sanity of log_format option of auditd
tag:
- CI-Tier-1
- NoRHEL4
- NoRHEL5
- NoRHEL6
- TIPfail
- TIPfail_Security
- Tier1
- Tier1security
test: ./runtest.sh
tier: '1'
name: /Sanity/options-log-format
order: 50
id:
path: /Sanity/options-log-format
manual: false
tty: false
environment: {}
result: respect
where:
check: []
restart-on-exit-code: []
restart-max-count: 1
restart-with-reboot: false
sources:
- /var/tmp/tmt/run-017/Plans/gating/discover/Downstream_audit_tests/tests/main.fmf
- /var/tmp/tmt/run-017/Plans/gating/discover/Downstream_audit_tests/tests/Sanity/options-log-format/main.fmf
context: {}