audit daemon 1.7.3 (Default branch)
Posted 05-10-2008

The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. It also has a basic Intrusion Detection plugin based on audit events, capable of IDMEF alerting using prelude.

License: GNU General Public License (GPL)

Changes:
libauparse iteration bugs were fixed. Path name processing is done in avc alerts. Key formatting is done in ausearch. An mmap page 0 alert was added for the prelude plugin. audispd now has a separate priority boost configuration option.

AUGENRULES:(8)						  System Administration Utilities					    AUGENRULES:(8)

NAME
       augenrules - a script that merges component audit rule files

SYNOPSIS
       augenrules [--check] [--load]

DESCRIPTION
       augenrules is a script that merges all component audit rules files, found in the audit rules directory, /etc/audit/rules.d, placing the merged file in /etc/audit/audit.rules. Component audit rule files must end in .rules in order to be processed; all other files in /etc/audit/rules.d are ignored. The files are concatenated in order, based on their natural sort (see the -v option of ls(1)), and stripped of empty and comment (#) lines. The last processed -D directive without an option, if present, is always emitted as the first line in the resultant file; those with an option are replicated in place. The last processed -b directive, if present, is always emitted as the second line in the resultant file. The last processed -f directive, if present, is always emitted as the third line in the resultant file. The last processed -e directive, if present, is always emitted as the last line in the resultant file. The generated file is only copied to /etc/audit/rules.d, if it differs.

OPTIONS
       --check
              test if rules have changed and need updating without overwriting audit.rules.

       --load load old or newly built rules into the kernel.

FILES
       /etc/audit/rules.d/
       /etc/audit/audit.rules

SEE ALSO
       audit.rules(8), auditctl(8), auditd(8).

Red Hat                                        Apr 2013                                        AUGENRULES:(8)
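The merge order described in DESCRIPTION (natural sort of *.rules files, comment stripping, and the hoisting of the last bare -D, -b, -f and -e directives), as an added Python example that is not augenrules itself (the real tool is a shell script); the file names and rule contents in SAMPLE_RULES are constructed for illustration.

```python
import re

# Constructed example directory: file name -> file contents.
# "notes.txt" must be ignored because it does not end in .rules.
SAMPLE_RULES = {
    "10-base.rules": "## base settings\n-D\n-b 8192\n",
    "2-extra.rules": "-w /etc/passwd -p wa -k identity\n",
    "20-more.rules": "-f 1\n-D -k identity\n-a always,exit -F arch=b64 -S execve -k exec\n",
    "99-finalize.rules": "-e 2\n",
    "notes.txt": "-D\n",
}

def natural_key(name):
    """Sort key imitating ls -v: runs of digits compare numerically, so
    2-extra.rules sorts before 10-base.rules."""
    return [int(p) if p.isdigit() else p for p in re.split(r"(\d+)", name)]

def merge_rules(rule_files):
    """Merge component rule files the way augenrules(8) describes.
    Returns the list of lines of the resulting audit.rules."""
    delete_all = buffer = failure = enabled = None
    body = []
    for name in sorted(rule_files, key=natural_key):
        if not name.endswith(".rules"):
            continue
        for raw in rule_files[name].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue                        # empty and comment lines dropped
            tokens = line.split()
            if tokens[0] == "-D" and len(tokens) == 1:
                delete_all = line               # bare -D: last one wins, emitted first
            elif tokens[0] == "-b":
                buffer = line                   # emitted second
            elif tokens[0] == "-f":
                failure = line                  # emitted third
            elif tokens[0] == "-e":
                enabled = line                  # emitted last
            else:
                body.append(line)               # includes -D with an option, in place
    head = [d for d in (delete_all, buffer, failure) if d is not None]
    tail = [enabled] if enabled is not None else []
    return head + body + tail

def rules_changed(merged_lines, current_text):
    """Mirror of --check: True when the merged result differs from the
    current audit.rules contents, i.e. the file would need updating."""
    return "\n".join(merged_lines) + "\n" != current_text
```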