Hi all. I've been lurking around, listening for things I can use...but I'm not where you guys are at in terms of auditing. I still have a requirement, however.
So, help me to understand a very basic functioning of Linux (I imagine it's basic). In a standalone system: How in the world do I capture, create and save human-readable reports and then clear audit logs? Which BASIC /var/log should every accidental sysad (like myself) be capturing? I know where to put the audit rules, but at this point, I'm just sort of following instructions for that without any real sense of understanding. The farthest I've gotten is -w means watch. If you guys would take a moment to ask such a rudimentary question, I might be able to move past go.

Thank you for your time.

Margaret M. Sanders
SwRI ISSO/ATA
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
