:py:mod:`dissect.target.plugins.os.unix.log.audit`
==================================================

.. py:module:: dissect.target.plugins.os.unix.log.audit


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.log.audit.AuditPlugin




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.log.audit.AuditRecord
   dissect.target.plugins.os.unix.log.audit.AUDIT_REGEX


.. py:data:: AuditRecord

   

.. py:data:: AUDIT_REGEX

   

.. py:class:: AuditPlugin(target)


   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Base class for plugins.

   Plugins can optionally be namespaced by specifying the ``__namespace__``
   class attribute. Namespacing results in your plugin needing to be prefixed
   with this namespace when being called. For example, if your plugin has
   specified ``test`` as namespace and a function called ``example``, you must
   call your plugin with ``test.example``::

   A ``Plugin`` class has the following private class attributes:

   - ``__namespace__``
   - ``__record_descriptors__``

   With the following three being assigned in :func:`register`:

   - ``__plugin__``
   - ``__functions__``
   - ``__exports__``

   Additionally, the methods and attributes of :class:`Plugin` receive more private attributes
   by using decorators.

   The :func:`export` decorator adds the following private attributes

   - ``__exported__``
   - ``__output__``: Set with the :func:`export` decorator.
   - ``__record__``: Set with the :func:`export` decorator.

   The :func:`internal` decorator and :class:`InternalPlugin` set the ``__internal__`` attribute.
   Finally. :func:`args` decorator sets the ``__args__`` attribute.

   :param target: The :class:`~dissect.target.target.Target` object to load the plugin for.

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: get_log_paths() -> list[pathlib.Path]


   .. py:method:: audit() -> Iterator[AuditRecord]

      Return CentOS and RedHat audit information stored in /var/log/audit*.

      The audit log file on a Linux machine stores security-relevant information.
      Based on pre-configured rules. Log messages consist of space delimited key=value pairs.

      .. rubric:: References

      - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing
      - https://linux-audit.com/linux-audit-log-files-in-var-log-audit/
      - https://man7.org/linux/man-pages/man8/auditd.8.html
      - https://man7.org/linux/man-pages/man8/ausearch.8.html
      - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-understanding_audit_log_files