BUG: import the audit-validation code into a new repo on github.com/linux-audit

[pcmoore]

Source: https://people.redhat.com/sgrubb/audit/audit-validation-0.1.tar.gz

[WOnder93]

Preliminary verbatim import of version 0.1 for review:

https://github.com/WOnder93/audit-validation

[WOnder93]

I had a quick look at the code and I have the impression that this tool is still a bit crude and unfinished. Basically, it currently does two things:

• Checks whether the log contains system boot/shutdown/runlevel records in logical order.
• Checks whether the log contains service and daemon start/end/abort records in logical order. The code for this feature seems outdated since it reports a lot of false positives for me (it looks at the comm field, which is always systemd on current Fedora...).

Based on the comments in the code and documentation it seems it should eventually also perform a similar validation of user-session-related records, but this is not yet implemented (there is just a stub function for that).

Given that the tool does only basic sanity checking that is prone to false positives and is unfinished, I don't recommend it for importing into linux-audit at this point.