The Geek Diary

How to audit all Commands run on OEL 5,6 using auditd

by admin

Question: How can every user command, executed with or without sudo, be logged and the logs forwarded to a central log file?

To configure auditd to log all user commands, follow the steps below.

1. Use yum to install the audit package:

# yum install audit

2. Enable the auditd service to start automatically at boot time:

# chkconfig auditd on

3. Add the following lines to /etc/audit/audit.rules:

# vi /etc/audit/audit.rules
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve

4. Start the service:

# service auditd start

With these rules in place, auditd records every execve system call, and therefore every command users run, in /var/log/audit/audit.log by default. You can change the configuration by editing "/etc/audit/auditd.conf".
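The execve rules above produce a SYSCALL record and an EXECVE record for each command, linked by the event serial number. The following is an added example, not part of the original article: a Python 3 parser that joins the two records, decodes hex-encoded arguments, and compares auid (the login UID) with uid to show commands run under another identity such as through sudo. The function names and the sample log lines are constructed for illustration, and Python 3 is assumed to be available on the host where the log is analyzed.

```python
import re

# Constructed sample records in audit.log format (not captured from a real host).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1400000000.101:501): arch=c000003e syscall=59 success=yes exit=0 a0=1f3c2d0 a1=1f3c330 items=2 ppid=2100 pid=2150 auid=500 uid=500 gid=500 euid=500 tty=pts0 ses=3 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1400000000.101:501): argc=2 a0="ls" a1="/tmp"
type=SYSCALL msg=audit(1400000042.007:502): arch=c000003e syscall=59 success=yes exit=0 a0=1f3d100 a1=1f3d160 items=2 ppid=2160 pid=2161 auid=500 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key=(null)
type=EXECVE msg=audit(1400000042.007:502): argc=2 a0="cat" a1=2F726F6F742F6D79206E6F746573
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """Quoted values are literal; auditd hex-encodes args with spaces or odd bytes."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value  # not hex, e.g. (null)

def commands(log_text):
    """Join SYSCALL and EXECVE records by event serial; one dict per command."""
    events = {}
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events.setdefault(serial, {'time': float(ts)})
        if rtype == 'SYSCALL':
            ev['auid'] = int(fields['auid'])  # login UID, unchanged by sudo/su
            ev['uid'] = int(fields['uid'])    # UID the command actually ran as
        elif rtype == 'EXECVE':
            argc = int(fields['argc'])
            ev['argv'] = [decode_arg(fields['a%d' % i]) for i in range(argc)]
    out = []
    for serial in sorted(events, key=int):
        ev = events[serial]
        if 'argv' in ev and 'auid' in ev:
            ev['identity_changed'] = ev['auid'] != ev['uid']
            out.append(ev)
    return out

if __name__ == '__main__':
    for ev in commands(SAMPLE_LOG):
        print(ev['auid'], ev['uid'], ev['identity_changed'], ' '.join(ev['argv']))
```

Event serial numbers restart when auditd restarts, so a log spanning several restarts should be keyed on the timestamp and serial together.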

Filed Under: Linux, OEL 6
