Audit execution of the reboot command

Comments

Trying to setup auditing of the execution of the /sbin/reboot, /sbin/init, /sbin/shutdown in RHEL 8. Adding audit rules specifying these files does not work. These are hard links to systemctl and/or systemd. Are there any solutions to getting auditd to trap on the execution of a hard link?

Started 2024-07-11T15:43:46+00:00 by

Tim Gleason

Active Contributor 111 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links