Audit - FAQ
Why does Goss fail when run manually?
Example:
goss -g goss.yml -v
Goss is designed to be run from the scripts, which pass discovered variables into Goss as metadata. Without these values being set, Goss will fail. These metadata variables can be seen towards the end of the goss.yml file. Furthermore, the run_audit script shows how these variables are created and passed to Goss.
Why do I have different results between x86_64 and AMD64/aarch64 audits?
The two hardware architectures provide distinct system calls within the OS that auditd can utilize. This is often the source of the increased failures compared to x86_64, as those systems are unable to execute all commands.
My system is impacted when running the audit. How can I restrict its effect?
On both Windows and Linux, you have the ability to limit the number of processes that run at the same time.
This is set using a variable as part of the playbook.
audit_max_concurrent
Or, if running manually using the run_audit script:
-m #
It is also possible on Linux to change the priority of a process by using nice.
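The two Linux controls above can be combined in one wrapper. This is an added example, not part of the project: the script path ./run_audit.sh, the default niceness of 10 and the "half the CPUs" sizing rule are assumptions to adjust for your hosts.

```shell
#!/bin/sh
# Added example, not the project's own code. Assumed: the audit script path
# (./run_audit.sh), the default niceness (10) and the half-the-CPUs rule.

# Concurrency cap for -m: half the CPU count given as $1, never below 1.
audit_concurrency() {
    cap=$(( $1 / 2 ))
    if [ "$cap" -lt 1 ]; then cap=1; fi
    echo "$cap"
}

# Clamp a requested niceness ($1) to 0-19, the range an unprivileged user
# can set (negative values raise priority and need root).
clamp_niceness() {
    n=$1
    if [ "$n" -lt 0 ]; then n=0; fi
    if [ "$n" -gt 19 ]; then n=19; fi
    echo "$n"
}

# Print the command line that would be run, for review or logging.
# Arguments: script path, requested niceness, CPU count.
audit_command() {
    echo "nice -n $(clamp_niceness "$2") $1 -m $(audit_concurrency "$3")"
}

# Run the audit at lowered priority with capped concurrency.
# Usage: run_throttled_audit [script] [niceness]
run_throttled_audit() {
    script=${1:-./run_audit.sh}
    cpus=$(getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1)
    nice -n "$(clamp_niceness "${2:-10}")" "$script" -m "$(audit_concurrency "$cpus")"
}
```

Source the file and call run_throttled_audit; audit_command prints the resulting command line without executing it.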