This shows you the differences between two versions of the page.
| |
| centos7:4:1 [2017/05/04 17:42] – created Piotr Kłoczewski | centos7:4:1 [2017/05/06 15:18] (current) – Piotr Kłoczewski |
|---|
| ====== 4.1 Configure System Accounting (auditd) ====== | ====== 4.1 Configure System Accounting (auditd) ====== |
| | ==== List of content ==== |
| | {{indexmenu>.:1#3 |context}} |
| | ==== Description ==== |
| System auditing, through ''auditd'', allows system administrators to monitor their systems such that they can detect unauthorized access or modification of data. By default, auditd will audit SELinux AVC denials, system logins, account modifications, and authentication events. Events will be logged to ''/var/log/audit/audit.log''. The recording of these events will use a modest amount of disk space on a system. If significantly more events are captured, additional on system or off system storage may need to be allocated. \\ | System auditing, through ''auditd'', allows system administrators to monitor their systems such that they can detect unauthorized access or modification of data. By default, auditd will audit SELinux AVC denials, system logins, account modifications, and authentication events. Events will be logged to ''/var/log/audit/audit.log''. The recording of these events will use a modest amount of disk space on a system. If significantly more events are captured, additional on system or off system storage may need to be allocated. \\ |
| The recommendations in this section implement an audit policy that produces large quantities of logged data. In some environments it can be challenging to store or process these logs and as such they are marked as Level 2 for both Servers and Workstations. \\ \\ | The recommendations in this section implement an audit policy that produces large quantities of logged data. In some environments it can be challenging to store or process these logs and as such they are marked as Level 2 for both Servers and Workstations. \\ \\ |