The Geek Diary

How to change the default permissions on /var/log/audit/audit.log file in CentOS/RHEL

by admin

Question: How do you configure auditd to change the default permissions on /var/log/audit/audit.log from 0600 to 0640 and also change the group ownership of the file?

By default, it is not possible to change the permissions on the /var/log/audit/audit.log file using ACLs. Instead, set the “log_group” parameter in the file /etc/audit/auditd.conf.

The Steps

In this example, we change the default permissions on /var/log/audit/audit.log from 600 to 640 and change the group from root to splunk.

1. Check the current permissions on the /var/log/audit/audit.log file. It is usually root:root with 0600.

# ls -l /var/log/audit/audit.log
-rw------- 1 root root 3531590 Jun 1 00:20 /var/log/audit/audit.log

2. Edit the /etc/audit/auditd.conf file and change log_group to splunk.

Before change:

# cat /etc/audit/auditd.conf | grep log_group
log_group = root

After change:

# cat /etc/audit/auditd.conf | grep log_group
log_group = splunk

3. Restart the auditd service and check.

# service auditd restart

4. Check the permissions on /var/log/audit/audit.log.

# ls -l /var/log/audit/audit.log
-rw-r----- 1 root splunk 3532862 Jun 1 00:24 /var/log/audit/audit.log

Note: The splunk user and group are used here only as an example; your setup may use a different user and group name.
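
To verify the result of steps 1 to 4 in a script rather than by reading ls output, the following added example (not part of the original article) compares log_group in auditd.conf with the group and mode of the log file. The function names are this example's own, it assumes GNU stat as shipped on CentOS/RHEL, and it accepts only the two modes shown above (600 and 640).

```shell
#!/bin/sh
# Added example: check that audit.log matches log_group in auditd.conf.
# Function names are illustrative; assumes GNU stat (coreutils).

# Print the log_group value from an auditd.conf-style file (last one wins).
get_log_group() {
    sed -n 's/^[[:space:]]*log_group[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" |
        tail -n 1
}

# check_audit_log CONF LOG
# 0: group of LOG equals log_group and mode is 600 or 640
# 1: group or mode mismatch   2: file missing or log_group unset
check_audit_log() {
    conf=$1
    log=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    [ -e "$log" ] || { echo "missing $log" >&2; return 2; }

    want_group=$(get_log_group "$conf")
    [ -n "$want_group" ] || { echo "log_group not set in $conf" >&2; return 2; }

    mode=$(stat -c '%a' "$log")        # octal mode, e.g. 640
    have_group=$(stat -c '%G' "$log")  # group name, e.g. splunk

    rc=0
    if [ "$have_group" != "$want_group" ]; then
        echo "$log: group is $have_group, log_group is $want_group" >&2
        rc=1
    fi
    # Accept only the two modes shown in the article; anything wider
    # (group write, any access for others) is reported.
    case $mode in
        600|640) ;;
        *) echo "$log: unexpected mode $mode" >&2; rc=1 ;;
    esac
    return $rc
}

# Usage: sh check_audit_log.sh /etc/audit/auditd.conf /var/log/audit/audit.log
if [ "$#" -eq 2 ]; then
    check_audit_log "$1" "$2"
fi
```

Every member of the group named in log_group can read the audit records, so keep that group limited to the account that collects the log.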
Filed Under: CentOS/RHEL 5, CentOS/RHEL 6, Fedora, Linux
