Linux Audit rules templates



Check for installed auditing packages

RHEL/Oracle Linux/CentOS

rpm -q audit audit-libs audispd-plugins

Debian/Ubuntu

apt list auditd audispd-plugins

or

dpkg -l auditd audispd-plugins


Check the run levels of the packages

RHEL/Oracle Linux/CentOS

chkconfig --list auditd
chkconfig --list audispd-plugins

or

systemctl is-enabled auditd
systemctl is-enabled audispd-plugins

Debian/Ubuntu

systemctl is-enabled auditd
systemctl is-enabled audispd-plugins


Enable run levels of the packages

RHEL/Oracle Linux/CentOS

chkconfig auditd on
chkconfig audispd-plugins on

or

systemctl enable auditd
systemctl enable audispd-plugins

Debian/Ubuntu

systemctl enable auditd
systemctl enable audispd-plugins


Send audit logs via syslog

Edit the audispd syslog plugin configuration file (use whichever of the two paths exists on the host)

vim /etc/audisp/plugins.d/syslog.conf

or

vim /etc/audit/plugins.d/syslog.conf

Set the following line to activate syslog forwarding

active = yes
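
The last step, scripted so it can be repeated across hosts without opening an editor. This is an added example, not part of the original README; the script name `enable-audit-syslog.sh`, the function names and the `--apply` argument are assumptions made for illustration.

```shell
#!/bin/sh
# enable-audit-syslog.sh (hypothetical name): set "active = yes" in the
# audit syslog plugin configuration. Added example, not the README's own code.

# The two locations named in the README, in the order it lists them.
SYSLOG_CONF_CANDIDATES="/etc/audisp/plugins.d/syslog.conf /etc/audit/plugins.d/syslog.conf"

# find_syslog_conf: print the first candidate that exists; return 1 if none does.
find_syslog_conf() {
    for f in $SYSLOG_CONF_CANDIDATES; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# plugin_is_active FILE: succeed only if FILE has an uncommented "active = yes".
plugin_is_active() {
    grep -Eq '^[[:space:]]*active[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# activate_plugin FILE: rewrite the "active" line to "active = yes", or append
# one if the file has none. Keeps FILE.bak and does nothing if already active.
activate_plugin() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if plugin_is_active "$conf"; then
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    if grep -Eq '^[[:space:]]*active[[:space:]]*=' "$conf"; then
        # Write back into the same file so its owner and mode are preserved.
        sed -E 's/^[[:space:]]*active[[:space:]]*=.*/active = yes/' "$conf.bak" > "$conf"
    else
        printf 'active = yes\n' >> "$conf"
    fi
    plugin_is_active "$conf"
}

# Touch the system only when asked to: sh enable-audit-syslog.sh --apply
if [ "${1:-}" = "--apply" ]; then
    conf=$(find_syslog_conf) || { echo "syslog.conf not found" >&2; exit 1; }
    activate_plugin "$conf" && echo "active = yes set in $conf"
fi
```

Run it as root with `--apply`; the change takes effect once the audit daemon re-reads its plugin configuration.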