Chapter 25. Linux Auditing System

The 2.6 Linux kernel has the ability to log events such as system calls and file access. These logs can then be reviewed by the administrator to determine possible security breaches such as failed login attempts or a user failing to access system files. This functionality, called the Linux Auditing System, is available in Red Hat Enterprise Linux 5.

To use the Linux Auditing System, follow these steps:

  1. Configure the audit daemon.
  2. Add audit rules and watches to collect desired data.
  3. Start the daemon, which enables the Linux Auditing System in ...
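
Once the daemon is collecting data, the review the chapter describes amounts to reading records back out of the audit log. The following sketch is an added example, not code from the book: it parses audit records, groups them by event serial, and flags the two cases named above, failed logins and denied file access. The log lines, the rule in the comment and the function names are constructed for illustration.

```python
import re

# Constructed audit.log records in auditd's layout:
#   type=... msg=audit(time:serial): key=value ...
# They assume an illustrative rule (not from the chapter) such as:
#   -a exit,always -S open -F success=0 -k open-failed
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1200000000.101:41): arch=40000003 syscall=5 success=no exit=-13 items=1 pid=2150 auid=500 uid=500 comm="cat" exe="/bin/cat" key="open-failed"
type=PATH msg=audit(1200000000.101:41): item=0 name="/etc/shadow" inode=98211 dev=fd:00 mode=0100400 ouid=0 ogid=0
type=USER_LOGIN msg=audit(1200000042.550:57): user pid=2210 uid=0 auid=4294967295 msg='acct="root": exe="/usr/sbin/sshd" (hostname=?, addr=192.0.2.10, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1200000090.200:60): user pid=2250 uid=0 auid=4294967295 msg='acct="alice": exe="/usr/sbin/sshd" (hostname=?, addr=192.0.2.20, terminal=sshd res=success)'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\(\d+\.\d+:(\d+)\): (.*)$")
# A value is either a quoted string or a bare token ending at space , ) or '
FIELD = re.compile(r"(\w+)=(\"[^\"]*\"|[^\s,)']+)")
DENIED = {"-13": "EACCES", "-1": "EPERM"}  # negative errno values in exit=

def parse(line):
    """Return (record type, event serial, fields), or None for a non-audit line."""
    m = HEADER.match(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(3))}
    return m.group(1), int(m.group(2)), fields

def review(log_text):
    """Group records by serial; report failed logins and denied file opens."""
    events = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            events.setdefault(rec[1], {})[rec[0]] = rec[2]
    findings = []
    for serial, recs in sorted(events.items()):
        login, call = recs.get("USER_LOGIN"), recs.get("SYSCALL")
        if login and login.get("res") == "failed":
            findings.append((serial, "failed-login", login.get("acct"), login.get("addr")))
        if call and call.get("success") == "no" and call.get("exit") in DENIED:
            # The PATH record of the same event carries the file name.
            path = recs.get("PATH", {}).get("name", "?")
            findings.append((serial, "access-denied", call.get("uid"), path))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Records that share a serial number belong to one event, which is why the file name comes from the `PATH` record while the user and result come from the `SYSCALL` record.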
