发表新帖
发表新帖

Script that calls ausearch behaves differently when piped data on stdin

前端 未结
关注
2 2031
一整个雨季
一整个雨季 2021-01-15 17:59

Can someone explain why passing a bash script data via STDIN would cause the command within the script to NOT function?

Script:

#!/bin/bash
ausearch
相关标签:
2条回答
  • 时光说笑
    2021-01-15 18:02

    Nothing is wrong with bash, stdin, or your script. ausearch's behavior is the cause.

    The ausearch utility can also take input from stdin as long as the input is the raw log data.

    See the ausearch manpage: http://man7.org/linux/man-pages/man8/ausearch.8.html

    Your script is passing the args just as it should but because of the pipe ausearch is only reading "blah" from stdin and not the default logfiles and giving no matches.

    If you need this to not happen use SOMEVAR=$(cat /dev/stdin) to capture stdin in bash and pass it to ausearch or any other part of the script as $SOMEVAR.

    0 讨论(0)
  • 难免孤独
    2021-01-15 18:15

    ausearch changes its behavior if stdin is a pipe. If it is it searches through stdin rather than through the audit daemon logs. You can use --input-logs to force it to read from the logs.

    echo "blah" | ausearch -i -a 1221217 --input-logs

    Redirecting stdin would achieve the same end.

    #!/bin/bash
ausearch -i -a 1221217 < /dev/null
    0 讨论(0)
 看不清?
提交回复
热议问题