All Questions
6 questions
0 votes, 0 answers, 234 views
AuditD understanding exit,always,exclude,never
I see these 4 exit, always, exclude, and never commonly used in many different combinations like below:
-a exit,always
-a exit,never
-a exclude,always
-a exclude,never
I'm trying to understand what ...
2 votes, 2 answers, 153 views
Kill OS if process is killed
I have a bespoke monitoring application I'm deploying on a linux cluster I wish to secure.
I would like the process not to be possible to kill.
That said, senior users need root.
I read that I can ...
4 votes, 1 answer, 6k views
Auditd, Syslog and Journald
I have been investigating these three logging solutions, auditd, syslog, and journald, but there are still things that are unclear to me.
According to the things I read, auditd audits events in the ...
1 vote, 1 answer, 356 views
aureport -l doesn't show the successful count of the user who used the "su" command
Why does the command aureport -l --success --summary -i not show the successful login count of the user who used the su command?
The output the above said command only calculates sshd, gdm sessions but not ...
1 vote, 0 answers, 85 views
Third-party Linux auditing software
Linux has an audit system built into its kernel and a user-space process called auditd that reads the system calls intercepted by the kernel.
Are there alternative solutions to the Linux Audit system? I ...
0 votes, 1 answer, 204 views
auditctl reports "File system watches not supported" on a very old system
When I run auditctl -l I get:
# auditctl -l
No rules
File system watches not supported
And I already have AUDITSYSCALL enabled in the kernel:
# zgrep AUDIT /proc/config.gz
CONFIG_AUDIT_ARCH=y
...