How do I configure audit to log all files opened on a system?

Updated -

Environment: Red Hat Enterprise Linux 3

Instructions for using LAuS to generate audit records for all files opened on a system are as follows.

  • Save the current configuration:

            # service audit stop
            # mv /etc/audit/filter.conf /etc/audit/filter.conf-default
    
  • Turn on auditing ONLY for the execve and open ...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In