Merge pull request #1938 from sever-sever/T5142

T5142: Add audit tool to monitor security-relevant events

2 files changed, 8 insertions, 0 deletions

diff --git a/debian/control b/debian/control
index 8cd49f62a..856f57030 100644
--- a/debian/control
+++ b/debian/control
@@ -35,6 +35,7 @@ Architecture: amd64 arm64
 Depends:
   ${python3:Depends},
   accel-ppp,
+  auditd,
   avahi-daemon,
   beep,
   bmon,
@@ -80,6 +81,7 @@ Depends:
   lcdproc,
   lcdproc-extra-drivers,
   libatomic1,
+  libauparse0,
   libbpf1 [amd64],
   libcharon-extra-plugins (>=5.9),
   libcharon-extauth-plugins (>=5.9),
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index 7f6469ca9..7663e4c00 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -8,6 +8,12 @@
         </properties>
         <command>journalctl --no-hostname --boot</command>
         <children>
+          <leafNode name="audit">
+            <properties>
+              <help>Show audit logs</help>
+            </properties>
+            <command>cat /var/log/audit/audit.log</command>
+          </leafNode>
           <leafNode name="all">
             <properties>
               <help>Show contents of all master log files</help>