Thursday, October 10, 2013

Privilege Users Auditing

www.unixbabuforum.inIs their any commands to configure the Privilege Users Auditing in RHEL (version 3,4,5). 
Basic purpose is to audit the commands entered, services start/resart/stop, administrative configuration, login/logoff done by Privilege Users (like root or sudo users or users in group root). In short to audit every activities done by Privilege Users (like root or sudo users) in the server. Audit can be helpful 
Some part from auditd command(you must active auditd service) 
auditd is the userspace component to the Linux Auditing System. 
responsible for writing audit records to the disk. Viewing the 
logs is 
done with the ausearch or aureport utilities. Configuring the 
rules is done with the auditctl utility. During startup, the 
rules in 
/etc/audit.rules are read by auditctl. The audit daemon itself has 
configuration options that the admin may wish to customize. They 
found in the auditd.conf file.


Post a Comment

Design by BABU | Dedicated to grandfather | welcome to BABU-UNIX-FORUM