Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to configure Audit in Redhat?
Operating Systems Linux Red Hat How to configure Audit in Redhat? Post 302984028 by bentech4u on Thursday 20th of October 2016 04:33:42 AM
Old 10-20-2016
How to configure Audit in Redhat?
Hi
i am new to this area and in want to know how can i configure auditd .

i have copied /usr/share/doc/audit-2.4.1/stig.rules to /etc/audit/audit.rules then i ran
Code:
auditctl -R /etc/audit/audit.rules

after that auditctl -l is listing all the rule which i mentioned in

but how can i analyze these logs. is there any tools for that. audit.log file is having . this file has getting filled by so many entries.

Regards,
Ben


Moderator's Comments:
Mod Comment Please use CODE tags as required by forum rules!
Last edited by RudiC; 10-20-2016 at 05:51 AM.. Reason: Added CODE tags.
 

10 More Discussions You Might Find Interesting

1. Red Hat

server audit

Hi all.. I need to perform an audit on my servers (ranging form mdk to redhat, knoppix...). I know there exists somewhere a script that could get me back the info i want.. I've googled around, and haven't found anything interesting.. Anyone have some thing i could investigate? Thanx ... (5 Replies)
Discussion started by: penguin-friend
5 Replies

2. Red Hat

How to configure a Redhat 9.0 as NIS+ client

I would like to know how to configure a Redhat 9.0 as NIS+ client. I have seen the post of larry, but it is not enough information for me to do the configuration. Could anyone tell me how to do it? Please help! Thank you! (3 Replies)
Discussion started by: alexhon
3 Replies

3. Linux

configure NIS in RedHat 9.0

Hi All i want to configure NIS on RedHat 9.0. pls help me i need the configure file pls mail this configure files with regards sudeendra (0 Replies)
Discussion started by: sudeendra
0 Replies

4. Red Hat

Virtual ip or CARP configure in Redhat Linux

Hi everyone, Can you please tell me the procedure to configure Virtual ip (CARP) mechanism into the Redhat Linux? Thanks in advanced. Regards, Jagdish Machhi (1 Reply)
Discussion started by: jagdish.machhi@
1 Replies

5. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

6. Emergency UNIX and Linux Support

How to configure in redhat linux on vmware?

Hi All, I installed Red-hat linux(64bit-x86) os on vmware 8,configure IP address and services but it is unable to come in to network.it is production server. please provide solution to me , it is very urgent... (3 Replies)
Discussion started by: Rajesh_Apple
3 Replies

7. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

8. Red Hat

How can i configure fence_cisco_ucs with redhat cluster suite

HI How can i configure fence_cisco_ucs with redhat cluster suite. i was trying to configure fencing aganet with red ahat cluster suite i issued command # /usr/sbin/fence_vmware_soap -a 172.22.90.61 -l admin -p duc2Cisco -o reboot then i got below error: Failed: You have to... (0 Replies)
Discussion started by: bentech4u
0 Replies

9. Red Hat

How to configure redhat clusters on VMWARE?

I'm using redhat 5.1 installed on VMware work station9. Can you guys help me to configure redhat clusters. (1 Reply)
Discussion started by: karthik9358
1 Replies

10. UNIX for Advanced & Expert Users

Sort command results are different in Redhat 4 vs Redhat 5

Hi, I am having a text file with the following contents ########### File1 ########### some page1.txt text page.txt When I sort this file on Red Hat 5, then I get the following output ########### File1 ########### page1.txt page.txt some (3 Replies)
Discussion started by: sarbjit
3 Replies

LEARN ABOUT PHP

autrace

AUTRACE:(8)						  System Administration Utilities					       AUTRACE:(8)

NAME

       autrace - a program similar to strace

SYNOPSIS

       autrace program [-r] [program-args]...

DESCRIPTION

       autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments
       to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes	all  audit
       rules  prior  to  executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
       with auditctl prior to use.

OPTIONS

       -r     Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
	      in logs.

EXAMPLES

       The following illustrates a typical session:

       autrace /bin/ls /tmp
       ausearch --start recent -p 2442 -i

       and for resource usage mode:

       autrace -r /bin/ls
       ausearch --start recent -p 2450 --raw | aureport --file --summary
       ausearch --start recent -p 2450 --raw | aureport --host --summary

SEE ALSO

       ausearch(8), auditctl(8).

AUTHOR

       Steve Grubb

Red Hat 							     Jan 2007							       AUTRACE:(8)
All times are GMT -4. The time now is 02:52 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy