Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Reading auditd events while testing apparmor
#!/usr/bin/env python
import socket
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.connect('/var/run/audispd_events')
def read(s):
buff = ""
while True:
buff += s.recv(128)
lines = buff.split("\n")
if len(lines) > 1:
for line in lines[:-1]:
yield line
buff = lines[-1]
for line in read(sock):
chunks = line[:-1].split(' ')
d = dict(a.split('=', 1) for a in chunks)
if 'apparmor' in d:
print d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment