Debian 12 bookworm

Auditd : Install (2023/07/13)

 
Configure System Auditing with Auditd.
It can monitor system calls, security events, file accesses, command executions and so on.
[1] Install Auditd package.
root@dlp:~#
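# Debian installs packages with apt; dnf is the Fedora/RHEL package manager
apt -y install auditd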
[2] Some Auditd settings can be changed in auditd.conf.
root@dlp:~#
vi /etc/audit/auditd.conf
# line 7 : specify logfile

log_file = /var/log/audit/audit.log
# line 12 : maximum size of a logfile (MegaBytes)

max_log_file = 8
# line 13 : number of logfiles to keep when [max_log_file_action=ROTATE] is specified

num_logs = 5
# line 15: hostname in logfiles
# valid value : NONE, HOSTNAME, FQD, NUMERIC, USER

name_format = NONE
# line 16: the name to record when [name_format=USER] is specified

##name = mydomain
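# line 17: specify the action taken when a logfile reaches the size limit
# valid value : IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS
# note : ROTATE discards the oldest file once [num_logs] files exist; KEEP_LOGS rotates without using [num_logs], so older records are not overwritten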

max_log_file_action = ROTATE