aa-log: add support for audit entries.

2025-01-18 00:48:10 +01:00 · 2022-03-17 14:03:00 +00:00 · 2022-03-17 14:03:00 +00:00 · fd1dce916d
commit fd1dce916d
parent 4ff371e739
1 changed files with 9 additions and 7 deletions
--- a/cmd/aa-log/main.go
+++ b/cmd/aa-log/main.go
@ -25,12 +25,13 @@ const LogFile = "/var/log/audit/audit.log"

 // Colors
 const (
-	Reset     = "\033[0m"
-	FgYellow  = "\033[33m"
-	FgBlue    = "\033[34m"
-	FgMagenta = "\033[35m"
-	BoldRed   = "\033[1;31m"
-	BoldGreen = "\033[1;32m"
+	Reset      = "\033[0m"
+	FgYellow   = "\033[33m"
+	FgBlue     = "\033[34m"
+	FgMagenta  = "\033[35m"
+	BoldRed    = "\033[1;31m"
+	BoldGreen  = "\033[1;32m"
+	BoldYellow = "\033[1;33m"
 )

 // AppArmorLog describes a apparmor log entry
@ -70,7 +71,7 @@ func removeDuplicateLog(logs []string) []string {
 // NewApparmorLogs return a new ApparmorLogs list of map from a log file
 func NewApparmorLogs(file *os.File, profile string) AppArmorLogs {
 	log := ""
-	exp := "apparmor=(\"DENIED\"|\"ALLOWED\")"
+	exp := "apparmor=(\"DENIED\"|\"ALLOWED\"|\"AUDIT\")"
 	if profile != "" {
 		exp = fmt.Sprintf(exp+".* profile=\"%s.*\"", profile)
 	}
@ -124,6 +125,7 @@ func (aaLogs AppArmorLogs) String() string {
 	state := map[string]string{
 		"DENIED":  BoldRed + "DENIED " + Reset,
 		"ALLOWED": BoldGreen + "ALLOWED" + Reset,
+		"AUDIT":   BoldYellow + "AUDIT  " + Reset,
 	}
 	// Order of impression
 	keys := []string{