Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 393

mkbar and mkgraph were created by Steve Grubb at Red Hat. They are available
from http://people.redhat.com/sgrubb/audit/visualize/. Because
the current version of audit in SUSE Linux Enterprise Desktop does not ship with these
scripts, proceed as follows to make them available on your system:
1. Download the scripts to root's ~/bin directory:
    wget http://people.redhat.com/sgrubb/audit/visualize/mkbar -O ~/bin/mkbar
    wget http://people.redhat.com/sgrubb/audit/visualize/mkgraph -O ~/bin/mkgraph
2. Adjust the file permissions to read, write, and execute for root:
    chmod 744 ~/bin/mk{bar,graph}
To plot summary reports, such as the ones discussed in Section 31.5, "Configuring
Audit Reports" (page 377), use the script mkbar. Some example commands could look
like the following:
Create a Summary of Events
    aureport -e -i --summary | mkbar events
Create a Summary of File Events
    aureport -f -i --summary | mkbar files
Create a Summary of Login Events
    aureport -l -i --summary | mkbar login
Create a Summary of User Events
    aureport -u -i --summary | mkbar users
Create a Summary of System Call Events
    aureport -s -i --summary | mkbar syscalls
To create a summary chart of failed events of any of the above event types, just add
the --failed option to the respective aureport command. To cover a certain period
of time only, use the -ts and -te options on aureport. Any of these commands
can be tweaked further by narrowing down its scope using grep or egrep and regular
expressions. See the comments in the mkbar script for an example. Any of the above
commands produces a PNG file containing a bar chart of the requested data.
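The following script is an added example, not part of the guide or of the mkbar script: it combines the --failed, -ts and -te options described above to chart failed events of all five summary types for one time window. The chart names failed-<type>, the AUREPORT and MKBAR override variables, and the function name chart_failed are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide or the mkbar script): chart the failed
# events of all five summary types shown above for one time window.
# Assumption: the argument passed to mkbar is a free-form chart name, as in
# "mkbar events"; the failed-* names are chosen here.

# Hypothetical overrides so the pipeline can be pointed at other binaries.
AUREPORT=${AUREPORT:-aureport}
MKBAR=${MKBAR:-mkbar}

# aureport flag and chart name, taken from the commands on this page.
REPORTS="-e:events -f:files -l:login -u:users -s:syscalls"

# chart_failed START END
# START and END are passed unchanged to aureport's -ts and -te options.
# Prints the number of charts whose pipeline exited successfully.
chart_failed() {
    ts=$1
    te=$2
    made=0
    for pair in $REPORTS; do
        flag=${pair%%:*}
        name=${pair#*:}
        # In POSIX sh the pipeline status is that of the last command (mkbar).
        # mkbar's own output goes to stderr so only the count reaches stdout.
        if "$AUREPORT" "$flag" -i --summary --failed -ts "$ts" -te "$te" |
            "$MKBAR" "failed-$name" >&2; then
            made=$((made + 1))
        else
            echo "chart failed-$name was not created" >&2
        fi
    done
    echo "$made"
}

# Run only when called with a start and an end time, for example:
#   sh chart-failed.sh yesterday now
if [ "$#" -eq 2 ]; then
    chart_failed "$1" "$2"
fi
```

Run it as root, because aureport reads the audit logs.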
Setting Up the Linux Audit Framework