
The Geek Diary


How to change the default permissions on /var/log/audit/audit.log file in CentOS/RHEL

by admin

Question: How to configure auditd to change the default permissions on /var/log/audit/audit.log from 0600 to 0640 and also change the group ownership of the file?

By default, it is not possible to change the permissions on the /var/log/audit/audit.log file using ACLs. Instead, set the “log_group” parameter in the /etc/audit/auditd.conf file.

The Steps

In this example, we change the default permissions on /var/log/audit/audit.log from 600 to 640 and change the group from root to splunk.

1. Check the current permissions on the /var/log/audit/audit.log file. Usually it is root:root with 0600.

# ls -l /var/log/audit/audit.log
-rw------- 1 root root 3531590 Jun 1 00:20 /var/log/audit/audit.log

2. Edit /etc/audit/auditd.conf file and change log_group to splunk.

Before change:

# cat /etc/audit/auditd.conf | grep log_group
log_group = root

After change:

# cat /etc/audit/auditd.conf | grep log_group
log_group = splunk

3. Restart the auditd service.

# service auditd restart

4. Check permissions on the /var/log/audit/audit.log.

# ls -l /var/log/audit/audit.log
-rw-r----- 1 root splunk 3532862 Jun 1 00:24 /var/log/audit/audit.log

Note: In this example, the splunk user and group are used for demonstration; your setup may use a different user and group name.
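
A check that can follow step 4, as an added example that is not part of the original article: it reads log_group from auditd.conf and compares it with the group and mode of audit.log, and also flags any access for "other". The function name check_audit_log_perms and its two optional path arguments are assumptions made for this example, and it relies on GNU stat.

```shell
# Added example: verify that audit.log matches log_group in auditd.conf.
# Paths default to the ones used on this page; both can be overridden.
check_audit_log_perms() {
    local conf="${1:-/etc/audit/auditd.conf}"
    local log="${2:-/var/log/audit/audit.log}"
    local want_group want_mode have_group have_mode rc=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    [ -e "$log" ]  || { echo "missing $log" >&2; return 2; }

    # The last log_group line wins; commented-out lines do not match the anchor.
    want_group=$(sed -n 's/^[[:space:]]*log_group[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$conf" | tail -n 1)
    want_group="${want_group:-root}"   # auditd's default when the key is absent

    # Modes shown on this page: 0600 with group root, 0640 with another group.
    if [ "$want_group" = "root" ]; then want_mode=600; else want_mode=640; fi

    have_mode=$(stat -c '%a' "$log")    # GNU stat: octal mode
    have_group=$(stat -c '%G' "$log")   # GNU stat: group name

    if [ "$have_group" != "$want_group" ]; then
        echo "group is $have_group, auditd.conf says $want_group (auditd not restarted?)"
        rc=1
    fi
    if [ "$have_mode" != "$want_mode" ]; then
        echo "mode is $have_mode, expected $want_mode"
        rc=1
    fi
    # Audit records should never be accessible to 'other', whatever the group.
    if [ $(( 0$have_mode & 07 )) -ne 0 ]; then
        echo "audit.log is accessible to other users (mode $have_mode)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $log is $have_group:$have_mode"; fi
    return "$rc"
}
```

Run check_audit_log_perms as root with no arguments to test the live files; it returns 0 on a match, 1 on a mismatch and 2 when a file cannot be read.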

Filed Under: CentOS/RHEL 5, CentOS/RHEL 6, Fedora, Linux


© 2023 · The Geek Diary
