I wanted to check if anyone was aware of a setting on RedHat box for enabling the PROCTITLE event type for audit logs? Is there any difference between RedHat and CentOS? I have one box running RedHat 7.3 and another running CentOS 7.3, with auditd enabled on both with the same rules. However, only the RedHat box is populating the event type PROCTITLE – the CentOS box does not.
I would like to get the PROCTITLE event type working on my CentOS box as well, if possible, but I cannot find any documentation online about anyone else having this issue and how to resolve.
Thanks for your time.
Joshua Ammons Advanced SIEM Engineer, Cybersecurity
Global Business Services
Office 479.204.4472 | Mobile 479.595.2291
Joshua Ammons walmart com
805 Moberly Ln
Bentonville, AR 72716
Save money. Live better.