Auditd : Install2023/07/13 |
|
Configure System Auditing by Auditd.
It's possible to monitor System Calls, Security Events, File Accesses, Commands Executing and so on. |
|
| [1] | Install Auditd package. |
|
root@dlp:~# dnf -y install auditd
|
| [2] | It's possible to change some settings of Auditd on auditd.conf. |
|
root@dlp:~#
vi /etc/audit/auditd.conf # line 7 : specify logfile log_file = /var/log/audit/audit.log # line 12 : maximum size of a logfile (MegaBytes) max_log_file = 8 # line 13 : number of logfiles if specified [max_log_file_action=ROTATE] num_logs = 5 # line 15: hostname in logfiles # valid value : NONE, HOSTNAME, FQD, NUMERIC, USER name_format = NONE # line 16: hostname you like if specified [name_format=USER] ##name = mydomain # line 17: specify action if the size of a logfile is over the limit # valid value : IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS max_log_file_action = ROTATE |
| Sponsored Link |