Novell Home

My Favorites

Close

Please to see your favorites.

Advanced Search

What's New

Key:

  • Best Bet
  • Support TID
  • Articles/Tips
  • Documentation
  • Patches/Security
  • Forums

Linux Audit Quick Start
17 Oct 2014 ...proceed as follows: Stop the default audit daemon with the rcauditd stop command. Adjust the system configuration for audit and enable audit. Configure the audit daemon. Determine which system components to audit and set up audit rules. Optionally configure

Suse Doc: Quick Start Manuals - Setting Up Audit Rules - October 17 2014
17 Oct 2014 ...Suse Doc: Quick Start Manuals - Setting Up Audit Rules - October 17 2014. Setting Up Audit Rules Audit rules are used to specify which components of your system are audited. There are three basic types of audit rules: Basic audit system parameters File

Suse Doc: Security Guide - Configuring the Audit Daemon - October 17 2014
17 Oct 2014 ...in the /etc/audit/audit.rules file. disp_qos and dispatcher The dispatcher is started by the audit daemon during its start. The audit daemon relays the audit messages to the application specified in dispatcher . This application must be a highly trusted

Suse Doc: Security Guide - Passing Parameters to the Audit System - October 17 2014
17 Oct 2014 ...audit system by executing auditctl on the command line are not persistent across system restarts. For changes to persist, add them to the /etc/audit/audit.rules file and, if they are not currently loaded into audit, restart the audit system to load the

Suse Doc: Security Guide - Understanding Linux Audit - October 17 2014
17 Oct 2014 ...retrieving old data correctly. Review the Audit Trail Linux audit provides tools that write the audit reports to disk and translate them into human readable format. Review Particular Audit Events Audit provides a utility that allows you to filter the audit

Suse Doc: Security Guide - Understanding the Audit Logs and Generating Reports - October 17 2014
17 Oct 2014 ...logs when a user tries to remotely log in to a machine running audit. Example 31-7 A Simple Audit Event—Viewing the Audit Log type=SYSCALL msg=audit(1234874638.599:5207): arch=c000003e syscall=2 success=yes exit=4 a0=62fb60 a1=0 a2=31 a3=0 items=1 ppid

Suse Doc: Security Guide - Setting Up Audit Rules - October 17 2014
17 Oct 2014 ...Introducing an Audit Rule Set . Audit rules can be passed to the audit daemon on the auditctl command line as well as by composing a rule set in /etc/audit/audit.rules which is processed whenever the audit daemon is started. To customize /etc/audit/audit.rules

Suse Doc: Security Guide - Introducing the Components of Linux Audit - October 17 2014
17 Oct 2014 ...31.3, Controlling the Audit System Using auditctl . audit rules The file /etc/audit/audit.rules contains a sequence of auditctl commands that are loaded at system boot time immediately after the audit daemon is started. For more information about audit

Suse Doc: Security Guide - Controlling the Audit System Using auditctl - October 17 2014
17 Oct 2014 ...to the audit and to what extent they are audited. Audit rules can be passed to the audit daemon on the auditctl command line as well as by composing a rule set and instructing the audit daemon to process this file. By default, the rcauditd script is configured

Suse Doc: Security Guide - Setting Up the Linux Audit Framework - October 17 2014
17 Oct 2014 ...details. Check or modify the basic audit daemon configuration. Refer to Section 32.2, Configuring the Audit Daemon for details. Enable auditing for system calls. Refer to Section 32.3, Enabling Audit for System Calls for details. Compose audit rules to

© 2014 Novell

Check this box to also search documents last modified more than 7 years ago