
The Geek Diary

Linux OS service ‘auditd’

By admin

Service Name

auditd

Description

auditd is the userspace component of the Linux Auditing System. It is responsible for writing audit records to disk. The logs are viewed with the ausearch or aureport utilities, and the audit rules are configured with the auditctl utility. During startup, auditctl reads the rules in /etc/audit/audit.rules. The audit daemon itself has some configuration options that the admin may wish to customize; they are found in the auditd.conf file.

The Linux Auditing System provides kernel-resident logging of system calls and user space tools to collect and view the logs. The auditd daemon writes the logging records to disk. auditd is configurable to allow control over what information is written to the logs.

Why should you keep auditd running?

The information in the log may prove useful in debugging security-related issues. For example, auditd is used to log SELinux events. There are also utilities such as aureport that enable you to view the audit log.

Service Detail

Init.d script location

/etc/init.d/auditd

chkconfig output sample

# chkconfig --list auditd
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off

Available service usage options

# service auditd
Usage: /etc/init.d/auditd {start|stop|status|restart|condrestart|reload|rotate}

To start the service :

# service auditd start
Starting auditd:                                           [  OK  ]

To stop the service :

# service auditd stop
Stopping auditd:                                           [  OK  ]

To check the status of the service :

# service auditd status
auditd (pid 8951) is running...

To restart the service :

# service auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]

Conditionally restarting the service :

# service auditd condrestart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]

To reload the service :

# service auditd reload
Reloading configuration:                                   [  OK  ]

To rotate the logs :

# service auditd rotate
Rotating logs:                                             [  OK  ]

Which daemons does it run

/sbin/auditd

Which modules does it load

audit-libs
audit-libs-python

Other Information

RPM packages

audit-[version]-[release]
audit-libs-[version]-[release]
audit-libs-python-[version]-[release]

Configuration files

/etc/audit/audit.rules - audit rules to be loaded at startup
/etc/audit/auditd.conf - configuration file for audit daemon
/etc/sysconfig/auditd  - additional configuration file
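
A check for the state described above, as an added example that is not part of the original article: it parses the chkconfig and status output shown earlier and confirms that the listed configuration files exist, so a monitoring job can flag a host where auditing has been switched off. The function names are hypothetical, and the expected output formats are assumed to match the samples on this page.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Live use on a host: auditd_runlevels_ok "$(chkconfig --list auditd)"

# $1: one line of `chkconfig --list auditd` output; $2: runlevels that must be on.
# Returns 0 if all are on, 1 if any is off, 2 if the line is not for auditd.
auditd_runlevels_ok() {
    want=${2:-"2 3 4 5"}
    set -f                      # no globbing while word-splitting the line
    set -- $1                   # fields: auditd 0:off 1:off 2:on ...
    set +f
    if [ "${1:-}" != "auditd" ]; then
        echo "not an auditd chkconfig line"
        return 2
    fi
    shift
    missing=""
    for rl in $want; do
        found=no
        for field in "$@"; do
            if [ "$field" = "$rl:on" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then missing="$missing $rl"; fi
    done
    if [ -n "$missing" ]; then
        echo "auditd is off in runlevel(s):$missing"
        return 1
    fi
    echo "auditd is on in runlevels: $want"
}

# $1: output of `service auditd status`. Returns 0 only for the running form.
auditd_is_running() {
    case $1 in
        "auditd (pid "*") is running"*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: filesystem root to inspect (default /). Prints each configuration file
# from the article's list that is missing; returns 1 if any is missing.
auditd_config_present() {
    root=${1:-}
    rc=0
    for f in /etc/audit/audit.rules /etc/audit/auditd.conf /etc/sysconfig/auditd; do
        if [ ! -f "$root$f" ]; then echo "missing: $f"; rc=1; fi
    done
    return $rc
}
```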
