CentOS 7

Auditd : Install
2016/02/21
 
Configure system auditing with Auditd.
It can monitor system calls, security events, file accesses, command execution and so on.
[1] The audit package is installed by default even on a minimal installation of CentOS 7; if it is not, install it as follows.
[root@dlp ~]# yum -y install audit
[root@dlp ~]# service auditd start
[root@dlp ~]# systemctl enable auditd

[2] Some Auditd settings can be changed in auditd.conf.
[root@dlp ~]# vi /etc/audit/auditd.conf
# line 5: specify logfile
log_file = /var/log/audit/audit.log
# line 11: number of logfiles kept if "max_log_file_action=ROTATE" is specified
num_logs = 5
# line 14: hostname format in logfiles
# valid values: NONE, HOSTNAME, FQD, NUMERIC, USER
name_format = NONE
# line 15: hostname of your choice if "name_format=USER" is specified
name = mydomain
# line 16: maximum size of a logfile (megabytes)
max_log_file = 6
# line 17: action to take when a logfile exceeds the size limit
# valid values: IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS
max_log_file_action = ROTATE
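
The settings in step [2] decide how much audit history stays on disk. The following check is an added example, not part of the original page: it reads an auditd.conf-style file and reports what max_log_file, num_logs, max_log_file_action and name_format imply. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): review auditd.conf log settings.

# conf_get FILE KEY: print the value of the last "KEY = value" line, if any.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); out = v }
        END { print out }' "$1"
}
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# audit_log_report FILE: print one finding per line; return 1 on unusable input.
audit_log_report() {
    action=$(conf_get "$1" max_log_file_action | tr '[:lower:]' '[:upper:]')
    size=$(conf_get "$1" max_log_file)
    num=$(conf_get "$1" num_logs)
    fmt=$(conf_get "$1" name_format | tr '[:lower:]' '[:upper:]')
    is_uint "$size" && is_uint "$num" || { echo "WARN: max_log_file or num_logs is missing or not a number"; return 1; }
    case $action in
        ROTATE)
            if [ "$num" -lt 2 ]; then
                echo "WARN: num_logs=$num is below 2, so log files are not rotated"
            else
                echo "INFO: about $((size * num)) MB of audit history is kept; the oldest file is dropped at each rotation"
            fi ;;
        KEEP_LOGS) echo "INFO: rotation without a num_logs limit; monitor free disk space" ;;
        IGNORE|SYSLOG) echo "WARN: $action lets the log grow past max_log_file=$size MB" ;;
        SUSPEND) echo "WARN: SUSPEND stops writing records to disk at $size MB" ;;
        *) echo "WARN: max_log_file_action is unset or not recognised" ;;
    esac
    [ "$fmt" = "NONE" ] && echo "INFO: name_format=NONE, records carry no host name"
    return 0
}

# Constructed sample holding the values shown in step [2].
sample_conf() {
    cat <<'EOF'
log_file = /var/log/audit/audit.log
num_logs = 5
name_format = NONE
max_log_file = 6
max_log_file_action = ROTATE
EOF
}
# Demo on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_log_report "$tmp"; rm -f "$tmp"
```

To review the live configuration, call `audit_log_report /etc/audit/auditd.conf` as root.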
 