Important files to know: /etc/security/audit_class and /etc/security/audit_event
Important commands to know: auditconfig, auditrecord
Location for auditing logs: /var/audit/
auditconfig -getflags
auditconfig -getnaflags (Get the non-attributable flags)
auditconfig -getplugin (To determine which plugins are active)
auditconfig -lspolicy (List of policies)
auditconfig -getpolicy
auditconfig -setpolicy -cnt (Removing the cnt policy)
auditrecord -c lo (To determine the type of records included under the lo class. The -c option selects a class as defined in audit_class)