pratyush/arch-conf-install

Archived

This repository has been archived on 2022-06-28. You can view files and clone it, but cannot push or open issues or pull requests.

Pratyush Desai 117096b388

start documenting logwatch

2021-12-09 06:19:45 +05:30

448 B

Raw Blame History

Audit Framework

Kernel

To ensure that all process which may have started before auditd are marked as auditable use boot time kernel param audit=1.

Userspace

Install the audit package, enable and start the auditd.service.
The config file is auditd.conf.
The rules are defined in /etc/audit/audit.rules.
auditctl can be used to edit rules on the fly.
ausearch and aureport are used to summarize and view data.