
The Geek Diary


How to audit all Commands run on OEL 5,6 using auditd

by admin

Question: How do you log every user command executed, with or without sudo, and forward these logs to a central log file?

To configure auditd to log all user commands, follow the steps below.

1. Use yum to install the audit package:

# yum install audit

2. Enable the auditd service to start automatically at boot time:

# chkconfig auditd on

3. Add the following lines to /etc/audit/audit.rules:

# vi /etc/audit/audit.rules
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve

4. Start the service:

# service auditd start

With these rules in place, auditd logs all user commands to /var/log/audit/audit.log by default. You can change the configuration by editing /etc/audit/auditd.conf.
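
Each execve logged by the rules above appears in audit.log as a SYSCALL record and an EXECVE record sharing one event ID. The following added example (not part of the original article) joins the two and rebuilds each command line with its auid and uid; a command run through sudo shows uid 0 while auid remains the login user. The sample log lines, IDs and function names are constructed for illustration.

```python
import re

# Constructed sample of /var/log/audit/audit.log (not captured from a real host).
# Event 102 was run through sudo: uid is 0, auid is still the login user (500).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:101): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2200 auid=500 uid=500 euid=500 tty=pts0 ses=3 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1700000000.101:101): argc=3 a0="ls" a1="-l" a2="/tmp"
type=SYSCALL msg=audit(1700000005.202:102): arch=c000003e syscall=59 success=yes exit=0 ppid=2300 pid=2301 auid=500 uid=0 euid=0 tty=pts0 ses=3 comm="tail" exe="/usr/bin/tail" key=(null)
type=EXECVE msg=audit(1700000005.202:102): argc=2 a0="tail" a1="/var/log/messages"
type=SYSCALL msg=audit(1700000009.303:103): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2400 auid=500 uid=500 euid=500 tty=pts0 ses=3 comm="touch" exe="/bin/touch" key=(null)
type=EXECVE msg=audit(1700000009.303:103): argc=2 a0="touch" a1=2F746D702F6D792066696C65
"""

RECORD_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """Plain arguments are quoted; ones with spaces or odd bytes are hex-encoded."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # leave anything unexpected untouched

def executed_commands(log_text):
    """Join SYSCALL and EXECVE records sharing an event ID into one entry each."""
    events = {}
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events.setdefault(event_id, {})[rtype] = dict(FIELD_RE.findall(body))
    result = []
    for event_id, recs in events.items():
        sc, ex = recs.get("SYSCALL"), recs.get("EXECVE")
        if not sc or not ex:
            continue  # incomplete event, e.g. log rotated mid-event
        argv = [decode_arg(ex[f"a{i}"]) for i in range(int(ex["argc"])) if f"a{i}" in ex]
        result.append({"event": event_id, "auid": sc["auid"], "uid": sc["uid"],
                       "exe": decode_arg(sc["exe"]), "argv": argv})
    return result

if __name__ == "__main__":
    for c in executed_commands(SAMPLE_LOG):
        via = " (elevated)" if c["uid"] != c["auid"] else ""
        print(f'{c["event"]} auid={c["auid"]} uid={c["uid"]}{via}: {" ".join(c["argv"])}')
```

On a live host, `ausearch -sc execve -i` performs the same correlation and decoding directly from the audit log.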

Filed Under: Linux, OEL 6

© 2023 · The Geek Diary
