#!/bin/bash
# Simple script to test audit configs.
# Clear audit logs, reboot the system, most of the events from rules
# will happen suring boot and work.
# This script will output list of keys missing in logs.

if ! test -r /var/log/audit/audit.log; then
	echo "ERROR: audit.log is not readable - check permissions and/or SELinux role!"
	exit 1
fi

# Code below is autogenerated...

ausearch -k time-change >/dev/null 2>/dev/null || echo time-change
ausearch -k DAC-policy >/dev/null 2>/dev/null || echo DAC-policy
ausearch -k FDP_DDM_EXT >/dev/null 2>/dev/null || echo FDP_DDM_EXT
ausearch -k FRU_PRS >/dev/null 2>/dev/null || echo FRU_PRS
ausearch -k FRU_RSA >/dev/null 2>/dev/null || echo FRU_RSA
ausearch -k MAC-policy >/dev/null 2>/dev/null || echo MAC-policy
ausearch -k access-audit-trail >/dev/null 2>/dev/null || echo access-audit-trail
ausearch -k backup-restore >/dev/null 2>/dev/null || echo backup-restore
ausearch -k etcsecuritywatch >/dev/null 2>/dev/null || echo etcsecuritywatch
ausearch -k etcsudoerswatch >/dev/null 2>/dev/null || echo etcsudoerswatch
ausearch -k group-modify >/dev/null 2>/dev/null || echo group-modify
ausearch -k group-modifyy >/dev/null 2>/dev/null || echo group-modifyy
ausearch -k hostname >/dev/null 2>/dev/null || echo hostname
ausearch -k identity >/dev/null 2>/dev/null || echo identity
ausearch -k list-users >/dev/null 2>/dev/null || echo list-users
ausearch -k log-watch >/dev/null 2>/dev/null || echo log-watch
ausearch -k module-load >/dev/null 2>/dev/null || echo module-load
ausearch -k module-unload >/dev/null 2>/dev/null || echo module-unload
ausearch -k net_acct >/dev/null 2>/dev/null || echo net_acct
ausearch -k network-settings >/dev/null 2>/dev/null || echo network-settings
ausearch -k power >/dev/null 2>/dev/null || echo power
ausearch -k rootcmd >/dev/null 2>/dev/null || echo rootcmd
ausearch -k session >/dev/null 2>/dev/null || echo session
ausearch -k special-config-changes >/dev/null 2>/dev/null || echo special-config-changes
ausearch -k successful-access >/dev/null 2>/dev/null || echo successful-access
ausearch -k successful-create >/dev/null 2>/dev/null || echo successful-create
ausearch -k successful-delete >/dev/null 2>/dev/null || echo successful-delete
ausearch -k successful-modification >/dev/null 2>/dev/null || echo successful-modification
ausearch -k successful-owner-change >/dev/null 2>/dev/null || echo successful-owner-change
ausearch -k successful-perm-change >/dev/null 2>/dev/null || echo successful-perm-change
ausearch -k system-locale >/dev/null 2>/dev/null || echo system-locale
ausearch -k time-change >/dev/null 2>/dev/null || echo time-change
ausearch -k unsuccessful-access >/dev/null 2>/dev/null || echo unsuccessful-access
ausearch -k unsuccessful-modification >/dev/null 2>/dev/null || echo unsuccessful-modification
