[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Newbie: How to use auditd?

On Tuesday 21 December 2004 10:09, Linux wrote:
> I ran aduitd and auditctl under sysadm_r:sysadm_t.
> Am I missing something very important thing at first place?

I do my testing under targeted policy. I have no idea how strict policy 
affects it.

> Please enlighten me how to use auditd and more info on
> linux audit facility, such as policy settings if required?

You should just install the latest rpm from rawhide. Then:

Tweek /etc/auditd.conf to your liking
chkconfig --add auditd
service auditd start

note: auditd is very early in its life. There are many things still to be 
written and file formats to be decided upon. Because so much code is yet to 
be written, I'm not looking for bug reports yet. I will announce to this mail 
list when the program is far enough along that we want bug reports for it. 
That's likely to be sometime early in January.

Hope this helps.

-Steve Grubb

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]