CentOS Stream 8
Sponsored Link

Auditd : Install2021/03/04

 
Configure System Auditing by Auditd.
It's possible to monitor System Calls, Security Events, File Accesses, Commands Executing and so on.
[1] Audit package is installed by default even if minimal installation of CentOS Stream 8, but if not, Install it like follows.
[root@dlp ~]#
dnf -y install audit
[root@dlp ~]#
systemctl enable --now auditd

[2] It's possible to change some settings of Auditd on auditd.conf.
[root@dlp ~]#
vi /etc/audit/auditd.conf
# line 7: specify logfile

log_file = /var/log/audit/audit.log
# line 12: maximum size of a logfile (MegaBytes)

max_log_file = 8
# line 13: number of logfiles if specified [max_log_file_action=ROTATE]

num_logs = 5
# line 15: hostname in logfiles

# valid value : NONE, HOSTNAME, FQD, NUMERIC, USER

name_format = NONE
# line 16: hostname you like if specified [name_format=USER]

##name = mydomain
# line 17: specify action if the size of a logfile is over the limit

# valid value : IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS

max_log_file_action = ROTATE
Matched Content