LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-16-2011, 10:22 AM   #1
zanier
LQ Newbie
 
Registered: Nov 2011
Distribution: ubuntu/debian
Posts: 29

Rep: Reputation: Disabled
audit daemon


hi friends
i have a question .i know audit daemon support rules for system calls and file access.......Does it have any rule for "services'??? such as disk services or network services or.........?
 
Old 11-16-2011, 11:58 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Quote:
Originally Posted by zanier View Post
i know audit daemon support rules for system calls and file access.......Does it have any rule for "services'??? such as disk services or network services or.........?
If you give a detailed example of what you are trying to achieve it would be easier to respond with more than "it depends"...
 
Old 11-17-2011, 06:03 AM   #3
zanier
LQ Newbie
 
Registered: Nov 2011
Distribution: ubuntu/debian
Posts: 29

Original Poster
Rep: Reputation: Disabled
i want to know which does audit daemon log services ?
as it log system calls. please someone answer me....
 
Old 11-17-2011, 11:12 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
OK... Then the answer is "no" :-]
 
Old 11-19-2011, 05:40 AM   #5
zanier
LQ Newbie
 
Registered: Nov 2011
Distribution: ubuntu/debian
Posts: 29

Original Poster
Rep: Reputation: Disabled
Thumbs up

thanks
what about LTT:linux trace toolkit? does it log both services and systemcalls?
 
Old 11-19-2011, 06:17 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
It is not possible to understand your question correctly until I saw another students question pop up. In my opinion what you ask for (and what you failed to explain in a way I can understand) is similar to what was posted at http://www.linuxquestions.org/questi...rvices-914116/. Am I right?
 
Old 05-24-2012, 09:21 AM   #7
8613133
LQ Newbie
 
Registered: Nov 2011
Posts: 11

Rep: Reputation: Disabled
audit daemon qestion

hi,
i installed auditd and then started that.i am going to know if i do not add any rule in audit.rules, what will be happen?does auditd log every things in default without adding any rule?in fact ,auditd log what? when there is no rule in audit.rules,
thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Audit daemon is not suspending when /var partition is full jaypas Linux - Security 4 08-24-2010 10:01 AM
Problem with audit daemon? agostino84 Red Hat 1 12-22-2008 05:44 PM
Configuring the audit daemon of RHEL4 update 2 herrmag Linux - Security 0 05-08-2006 05:39 PM
what's audit daemon for? liyuefu Linux - General 2 06-23-2005 12:37 PM
Audit Daemon in RH 7.3 oulevon Linux - Security 1 08-06-2002 08:20 AM


All times are GMT -5. The time now is 04:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration