How do I configure audit to log all files opened on a system?
Environment: Red Hat Enterprise Linux 3
Instructions for using LAuS to generate audit records for all files opened on a system are as follows.
-
Save the current configuration:
# service audit stop # mv /etc/audit/filter.conf /etc/audit/filter.conf-default -
Turn on auditing ONLY for the
execveand open ...
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
