Red Hat® Enterprise Linux® 5 Administration Unleashed

Chapter 25. Linux Auditing System

IN THIS CHAPTER

Configuring the Audit Daemon
Writing Audit Rules and Watches
Starting and Stopping the Daemon
Analyzing the Records
Tracing a Process with Audit

The 2.6 Linux kernel has the ability to log events such as system calls and file access. These logs can then be reviewed by the administrator to determine possible security breaches such as failed login attempts or a user failing to access system files. This functionality, called the Linux Auditing System, is available in Red Hat Enterprise Linux 5.

To use the Linux Auditing System, use the following steps:

Configure the audit daemon.
Add audit rules and watches to collect desired data.
Start the daemon, which enables the Linux Auditing System in ...

Get Red Hat® Enterprise Linux® 5 Administration Unleashed now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Red Hat® Enterprise Linux® 5 Administration Unleashed by Tammy Fox

Chapter 25. Linux Auditing System

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly