utils.unix.audit module

Auditing helpers

utils.unix.audit.check_audit_lines(ctx: Context, *, syscalls: List[str], is_x64: bool | None = None) → List[str]

Check if the given syscall(s) are missing from the auditd configuration file

By default, determines if the configuration should include b64 as well as b32 automatically, but this may be explicitly given if needed.

Internally calls recommend_compliant/noncompliant, so callers should not need to do anything else.

Returns the comment sent for recommend_comment. Primarily used for testing purposes, generally not needed by caller.