
Configure auditd mail_acct Action on Low Disk Space
The 'auditd' service can be configured to send email to a designated account in certain situations. Add or correct the following line in '/etc/audit/auditd.conf' to ensure that administrators are notified via email for those situations: 'action_mail_acct = root'

Configure auditd to use audispd plugin
To configure the 'auditd' service to use the 'audispd' plugin, set the 'active' line in '/etc/audisp/plugins.d/syslog.conf' to 'yes'. Restart the 'auditd' service: '$ sudo service auditd restart'

Record attempts to alter time through adjtimex
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always,exit -F arch=b32 -S adjtimex -k audit_time_rules' If the system is 64 bit then also add the following line: '-a always,exi ...

Record attempts to alter time through settimeofday
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always,exit -F arch=b32 -S settimeofday -k audit_time_rules' If the system is 64 bit then also add the following line: '-a al ...

Record Attempts to Alter Time Through stime
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d' for both 32 bit and 64 bit systems: '-a always,exit -F arch=b32 -S stime -k audit_time_rules' Since the 64 bit version of the "stime" sys ...

Record Attempts to Alter Time Through clock_settime
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always,exit -F arch=b32 -S clock_settime -k audit_time_rules' If the system is 64 bit then also add the following line: '-a ...

Record Attempts to Alter the localtime File
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-w /etc/localtime -p wa -k audit_time_rules' If the 'auditd' daemon is configured to use the 'auditctl' utility to read audit rules dur ...

Record Events that Modify the System's Network Environment
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following lines to a file with suffix '.rules' in the directory '/etc/audit/rules.d', setting ARCH to either b32 or b64 as appropriate for your system: -a always,exit -F arch=ARCH -S sethostname -S setdomai ...

System Audit Logs Must Be Owned By Root
To properly set the owner of '/var/log', run the command:

Record Events that Modify the System's Mandatory Access Controls
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-w /etc/selinux/ -p wa -k MAC-policy' If the 'auditd' daemon is configured to use the 'auditctl' utility to read a ...



© SecPod Technologies