I am using both the NISPOM and STIG rules for my audit.rules file. As root, if I perform a system time change, it does not capture this information in either /var/log/secure or var/log/audit/audit.log. How can I capture when someone changes the time or attempts to change the time?
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
