Auditd : Install2021/03/04 |
|
Configure System Auditing by Auditd.
It's possible to monitor System Calls, Security Events, File Accesses, Commands Executing and so on. |
|
| [1] | Audit package is installed by default even if minimal installation of CentOS Stream 8, but if not, Install it like follows. |
|
[root@dlp ~]#
[root@dlp ~]# dnf -y install audit
systemctl enable --now auditd |
| [2] | It's possible to change some settings of Auditd on auditd.conf. |
|
[root@dlp ~]#
vi /etc/audit/auditd.conf # line 7: specify logfile log_file = /var/log/audit/audit.log # line 12: maximum size of a logfile (MegaBytes) max_log_file = 8 # line 13: number of logfiles if specified [max_log_file_action=ROTATE] num_logs = 5 # line 15: hostname in logfiles # valid value : NONE, HOSTNAME, FQD, NUMERIC, USER name_format = NONE # line 16: hostname you like if specified [name_format=USER] ##name = mydomain # line 17: specify action if the size of a logfile is over the limit # valid value : IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS max_log_file_action = ROTATE |
| Sponsored Link |