Hi
I am new to this area and I want to know how I can configure auditd.
I have copied /usr/share/doc/audit-2.4.1/stig.rules to /etc/audit/audit.rules, then I ran
After that, auditctl -l is listing all the rules which I mentioned in
But how can I analyze these logs? Are there any tools for that? audit.log file is having . This file is getting filled by so many entries.
Regards,
Ben
Moderator's Comments:
Please use CODE tags as required by forum rules!
Last edited by RudiC; 10-20-2016 at 05:51 AM..
Reason: Added CODE tags.
autrace
AUTRACE:(8)                System Administration Utilities                AUTRACE:(8)
NAME
autrace - a program similar to strace
SYNOPSIS
autrace program [-r] [program-args]...
DESCRIPTION
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments
to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit
rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
with auditctl prior to use.
OPTIONS
-r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
in logs.
EXAMPLES
The following illustrates a typical session:
autrace /bin/ls /tmp
ausearch --start recent -p 2442 -i
and for resource usage mode:
autrace -r /bin/ls
ausearch --start recent -p 2450 --raw | aureport --file --summary
ausearch --start recent -p 2450 --raw | aureport --host --summary
SEE ALSO
ausearch(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Jan 2007 AUTRACE:(8)
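To show what the ausearch and aureport commands above do with a busy audit.log, here is an added example (not part of the thread or of the audit package) that groups raw records into events by serial number, selects events by pid, summarizes file paths and lists failed syscalls. The log lines and all function names are constructed for illustration; it assumes kernel SYSCALL/PATH records with plain quoted values, not hex-encoded names or user-space records with a nested msg='...' field.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the raw audit.log layout (not taken from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1476957060.123:101): arch=c000003e syscall=2 success=yes exit=3 pid=2442 uid=0 comm="ls" exe="/usr/bin/ls" key="access"
type=PATH msg=audit(1476957060.123:101): item=0 name="/tmp" inode=12 mode=041777
type=SYSCALL msg=audit(1476957061.500:102): arch=c000003e syscall=2 success=no exit=-13 pid=2450 uid=1000 comm="cat" exe="/usr/bin/cat" key="access"
type=PATH msg=audit(1476957061.500:102): item=0 name="/etc/shadow" inode=99 mode=0100000
type=SYSCALL msg=audit(1476957062.010:103): arch=c000003e syscall=2 success=yes exit=3 pid=2442 uid=0 comm="ls" exe="/usr/bin/ls" key="access"
type=PATH msg=audit(1476957062.010:103): item=0 name="/tmp" inode=12 mode=041777
this line is truncated garbage and must be skipped
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records that share a serial number into one event, as ausearch does."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record
        rtype, ts, serial, body = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
        rec.update(type=rtype, time=float(ts))
        events[int(serial)].append(rec)
    return dict(events)

def by_pid(events, pid):
    """Events whose SYSCALL record carries this pid (the `ausearch -p` selection)."""
    return {s: recs for s, recs in events.items()
            if any(r["type"] == "SYSCALL" and r.get("pid") == str(pid) for r in recs)}

def file_summary(events):
    """Count of PATH names across events, similar to `aureport --file --summary`."""
    return Counter(r["name"] for recs in events.values()
                   for r in recs if r["type"] == "PATH" and "name" in r)

def failed_syscalls(events):
    """(serial, comm, exit code, paths) for every event whose syscall failed."""
    out = []
    for serial, recs in sorted(events.items()):
        sc = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if sc and sc.get("success") == "no":
            paths = [r["name"] for r in recs if r["type"] == "PATH" and "name" in r]
            out.append((serial, sc.get("comm"), int(sc["exit"]), paths))
    return out
```

On a live host the same functions can be fed the contents of the audit log file, commonly /var/log/audit/audit.log (an assumption about the host's auditd configuration); for hex-encoded names or nested user-space fields, ausearch -i remains the reliable decoder.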