Linux Audit Subsystem FAQ


Is there a Linux Audit Subsystem FAQ for Red Hat Enterprise 3? I've
searched the Red Hat site, and found the same information contained
within the man pages. I'm looking for a good explanation of how to
configure LAuS, especially the rules and setting up audit.conf.

Any suggestion is appreciated.

Re: Linux Audit Subsystem FAQ

On Nov 10, 2:47 pm, ""

man auditd.conf

Also, you should try to use the audit packages (audit, audit-libs)
whenever possible, not LAuS.  There are two separate implementations of
an audit subsystem in Linux, LAuS being the first.  LAuS was submitted
upstream, but was found unsuitable for inclusion in the kernel and was
ultimately rejected. The subsystem was then reworked and integrated
into the 2.6 kernel; this version is simply known as the "audit
subsystem."  I am not sure if these packages have been backported to
RHEL3, but if they are available, you should use them.  If the packages
haven't been backported, upgrade your kernel and install the userspace
daemon manually.
