Auditd : Install
2016/02/21
Configure System Auditing by Auditd.
It's possible to monitor System Calls, Security Events, File Accesses, Commands Executing and so on.
[1] The audit package is installed by default even with a minimal installation of CentOS 7, but if it is not, install it as follows.
[root@dlp ~]# yum -y install audit
[root@dlp ~]# service auditd start
[root@dlp ~]# systemctl enable auditd
[2] It's possible to change some settings of Auditd in auditd.conf.
[root@dlp ~]# vi /etc/audit/auditd.conf
# line 5: specify logfile
log_file = /var/log/audit/audit.log
# line 11: number of logfiles if specified "max_log_file_action=ROTATE"
num_logs = 5
# line 14: hostname in logfiles
# valid value : NONE, HOSTNAME, FQD, NUMERIC, USER
name_format = NONE
# line 15: hostname you like if specified "name_format=USER"
name = mydomain
# line 16: maximum size of a logfile (MegaBytes)
max_log_file = 6
# line 17: specify action if the size of a logfile is over the limit
# valid value : IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS
max_log_file_action = ROTATE
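On more than one host the settings in step [2] are normally applied by a provisioning script rather than in vi. The script below is an added example, not part of the original page: it sets a key in an auditd.conf-style file (replacing the existing line so no duplicate keys are left behind) and refuses values outside the lists the page gives for max_log_file_action and name_format. The function names and the sample file it builds are my own assumptions; the demo works on a temporary copy, never on /etc/audit/auditd.conf itself.

```shell
#!/bin/sh
# Added example (not from the original page): apply auditd.conf settings
# non-interactively and reject values auditd does not accept.
# The allowed-value lists are the ones shown on the page; the file path is a
# parameter so the functions can be exercised on a constructed copy.
set -eu

# Set KEY = VALUE in an auditd.conf-style file: replace the existing line, else append.
audit_conf_set() {
    file=$1; key=$2; value=$3
    if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        tmp=$(mktemp)
        sed "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp"
        cat "$tmp" > "$file"      # write back in place, keeping the file's owner/mode
        rm -f "$tmp"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Print the value currently set for KEY (empty if the key is absent).
audit_conf_get() {
    file=$1; key=$2
    sed -n "s|^[[:space:]]*${key}[[:space:]]*=[[:space:]]*||p" "$file" | tail -n 1
}

# Return 0 if VALUE is acceptable for KEY (keys limited to those shown on the page), else 1.
audit_conf_valid() {
    key=$1; value=$2
    case "$key" in
        max_log_file_action)
            case "$value" in IGNORE|SYSLOG|SUSPEND|ROTATE|KEEP_LOGS) return 0 ;; esac ;;
        name_format)
            case "$value" in NONE|HOSTNAME|FQD|NUMERIC|USER) return 0 ;; esac ;;
        max_log_file|num_logs)
            case "$value" in ''|*[!0-9]*) ;; *) return 0 ;; esac ;;   # digits only
        log_file)
            case "$value" in /*) return 0 ;; esac ;;                 # absolute path
        name)
            case "$value" in ?*) return 0 ;; esac ;;                 # non-empty
    esac
    return 1
}

# Validate, then write; a rejected value leaves the file untouched.
audit_conf_apply() {
    file=$1; key=$2; value=$3
    if ! audit_conf_valid "$key" "$value"; then
        printf 'refusing %s = %s: not a value auditd accepts\n' "$key" "$value" >&2
        return 1
    fi
    audit_conf_set "$file" "$key" "$value"
}

# Stand-alone demo on a constructed copy of the defaults shown on the page.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, mirrors the values shown on the page
log_file = /var/log/audit/audit.log
num_logs = 5
name_format = NONE
max_log_file = 6
max_log_file_action = ROTATE
EOF
    audit_conf_apply "$f" max_log_file_action KEEP_LOGS
    audit_conf_apply "$f" name_format USER
    audit_conf_apply "$f" name mydomain
    audit_conf_apply "$f" max_log_file_action DELETE || echo "rejected as expected"
    cat "$f"
    rm -f "$f"
}

demo
```

auditd reads auditd.conf when it starts, so after changing the real file restart the service (service auditd restart on CentOS 7) and confirm the new log_file location and rotation behaviour before relying on them.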