LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page Who knows for what use is the service 'auditd'
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-28-2011, 03:05 AM   #1
thomas2004ch
Member
 
Registered: Aug 2009
Posts: 539

Rep: Reputation: 33
Who knows for what use is the service 'auditd'

I've heard this is a monitoring service. I want to turn it on by production machines. But I am not sure what negative influence will cause.
 
Old 01-28-2011, 03:45 AM   #2
thomas2004ch
Member
 
Registered: Aug 2009
Posts: 539

Original Poster
Rep: Reputation: 33
Besides, how can one monitor a sub-directory?
 
Old 01-28-2011, 03:48 AM   #3
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,654
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
The man page says...
Quote:
DESCRIPTION

auditd is the userspace component to the Linux Auditing System. It’s
responsible for writing audit records to the disk. Viewing the logs is
done with the ausearch or aureport utilities. Configuring the audit
rules is done with the auditctl utility. During startup, the rules in
/etc/audit.rules are read by auditctl. The audit daemon itself has some
configuration options that the admin may wish to customize. They are
found in the auditd.conf file.



OPTIONS

-f leave the audit daemon in the foreground for debugging. Messages
also go to stderr rather than the audit log.



SIGNALS

HUP causes auditd to reconfigure. This means that auditd re-reads the
configuration file. If there are no syntax errors, it will proceed to
implement the requested changes. If the reconfigure is successful, a
DAEMON_CONFIG event is recorded in the logs. If not successful, error
handling is controlled by space_left_action, admin_space_left_action,
disk_full_action, and disk_error_action parameters in auditd.conf.

TERM caused auditd to discontinue processing audit events, write a
shutdown audit event, and exit.

USR1 causes auditd to immediately rotate the logs. It will consult the
max_log_size_action to see if it should keep the logs or not.
One may monitor a directory in many ways, one is by file access time, another would be file size, and more.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
auditd disappeared slimm609 Red Hat 8 12-05-2010 02:19 PM
[SOLVED] auditd won't start from service or /etc/init.d poctob Linux - Software 1 10-21-2009 01:13 PM
auditd: auditd startup failed cmschube Red Hat 2 05-11-2009 07:08 AM
auditd outputting errors at service start & stop cdhgee Fedora 8 08-08-2005 01:22 PM
Help with crond and auditd pfaendtner Linux - Software 4 04-25-2005 10:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:47 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration