Newbie: How to use auditd?

Steve Grubb sgrubb at redhat.com
Tue Dec 21 15:41:02 UTC 2004


On Tuesday 21 December 2004 10:09, Linux wrote:
> I ran auditd and auditctl under sysadm_r:sysadm_t.
> Am I missing something very important in the first place?

I do my testing under targeted policy. I have no idea how strict policy 
affects it.

> Please enlighten me how to use auditd and more info on
> linux audit facility, such as policy settings if required?

You should just install the latest rpm from rawhide. Then:

Tweak /etc/auditd.conf to your liking
chkconfig --add auditd
service auditd start

Note: auditd is very early in its life. There are many things still to be 
written and file formats to be decided upon. Because so much code is yet to 
be written, I'm not looking for bug reports yet. I will announce to this mail 
list when the program is far enough along that we want bug reports for it. 
That's likely to be sometime early in January.

Hope this helps.

-Steve Grubb



