Linux Audit Subsystem FAQ - Security

This is a discussion on Linux Audit Subsystem FAQ - Security ; Is there a Linux Audit Subsystem FAQ for Red Hat Enterprise 3? I've searched the Red Hat site, and found the same information contained within the man pages. I'm looking for a good explanation of how to configure LAuS, especially, ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Linux Audit Subsystem FAQ

  1. Linux Audit Subsystem FAQ

    Is there a Linux Audit Subsystem FAQ for Red Hat Enterprise 3? I've
    searched the Red Hat site, and found the same information contained
    within the man pages. I'm looking for a good explanation of how to
    configure LAuS, especially, the rules and setting up audit.conf.

    Any suggestion is appreciated.
    TR


  2. Re: Linux Audit Subsystem FAQ

    On Nov 10, 2:47 pm, "tom.rei...@honeywell.com"
    wrote:
    > Is there a Linux Audit Subsystem FAQ for Red Hat Enterprise 3? I've
    > searched the Red Hat site, and found the same information contained
    > within the man pages. I'm looking for a good explanation of how to
    > configure LAuS, especially, the rules and setting up audit.conf.
    >


    man auditd.conf

    Also, you should try to use the audit packages (audit, audit-libs)
    whenever possible, not LAuS. There are two separate implementations of
    an audit subsystem in linux, LAuS being the first. LAuS was submitted
    upstream, but was found unsuitable for inclusion in the kernel and was
    ultimately rejected. The subsystem was then reworked and integrated in
    to the 2.6 kernel; this version is simply known as the "audit
    subsystem." I am not sure if these packages have been backported to
    RHEL3, but if they are available, you should use them. If the packages
    haven't been packported, upgrade your kernel and install the userspace
    daemon manually.


+ Reply to Thread