How To Install and Generate Audit Reports in CentOS 7
Table of Contents
Overview
Applies To
Pre-requisites
Install Audit Packages
Components, Tools and Configuration Files
  Kernel
  Binaries
  Files
Auditctl - Attributes / Parameters
  Audit Control - Rules Table
  Audit Control - Permissions Table
  Audit Control - Actions
Manage Audit Rules
  List Audit Rules
  Add Audit Rules
    Add Audit Rule – Shadow File
    Add Audit Rule – Password File
    Add Audit Rule – SSH Config File
    Add Audit Rule – hosts File
    Add Audit Rule – Directory
  Audit Delete Rules
    Delete Rules – All Rules
    Delete Rules – By Key
    Delete Rules – Matching Rule
Audit Query / Search
  Audit Query – By File
  Audit Query – By key
  Audit Query – By Exit Code
  Audit Query – By Executable
  Audit Query – By UserID
  Audit Query – By User LoginID
  Audit Query – By GroupID
  Audit Query – By UUID
  Audit Query – By Hostname
Audit Reports
  Audit Report – Summary
    Audit Report – Report Authentication Attempts
    Audit Report – Report Authentication Failed Attempts
    Audit Report – Report Login Success Attempts
    Audit Report – Report Login Failed Attempts
    Audit Report – Report Account Modifications
    Audit Report – Report Filter by Timestamp
    Audit Report – Report Find Syscall
  Different System Calls and Their Mapping
    ausyscall 2
    ausyscall 188
    ausyscall 191
Alternate Methods – Aureport
Overview
It is always good to review the various logs on your server to determine who has logged in successfully
and who has had failed login attempts, all the more so when the server is connected to a public
IP address. It also helps administrators keep a trail of administrator activities.
Applies To
CentOS 7, RHEL 7
Pre-requisites
In order to run the commands described in this guide, the following packages have to be installed:
• audit
• audit-libs
Install Audit Packages
By default the audit packages are installed; in case you need to install them, run the command below.
audit-libs is a dependency package.
yum install audit audit-libs -y
Components, Tools and Configuration Files
There are three major components for auditing on a box.
Kernel
audit        Hooks into the kernel to capture events and delivers them to the auditd daemon
Binaries
auditd       A daemon to capture events and store them in auditd.log file
auditctl     Audit tool to configure auditd on the server
audispd      Daemon to multiplex events
aureport     Reporting tool which reads from auditd.log file
ausearch     Looks up events in auditd.log file
autrace      Uses the audit component in the kernel to trace binaries
aulast       Similar to last, but utilizes the audit framework
aulastlog    Similar to lastlog, but again utilizes the audit framework
ausyscall    Maps syscall ID and name
auvirt       Displays audit information regarding virtual machines
Files
audit.rules  Rules defined here are used by auditctl
auditd.conf  Configuration file of the auditd daemon
Auditctl - Attributes / Parameters
The audit control tool is managed by rules and the parameters associated with each rule.
Audit Control - Rules Table
-w           This parameter will add / insert a watch for the file system object at path.
-W           This parameter will remove a watch for the file system object at path.
-f [0..2]    Set failure flag, which can be set between 0 - 2, wherein:
             0=silent 1=printk 2=panic
-e [0..2]    Set enabled flag, which can be set between 0 - 2, wherein:
             0=disable auditing 1=enable auditing 2=lock the audit configuration
-k           Key
-p [rwxa]    This parameter describes the permission access type that a file system watch will
             trigger on (rwxa); see Permissions Table
-D           Delete all audit rules
Audit Control - Permissions Table
r            Read permission; if a file is opened for reading
w            Write permission; if a file is opened for writing
x            Execute permission; if a file is opened for execution
a            Attribute permission; if a file attribute is changed
Audit Control - Actions
never        No audit records will be generated. This can be used to suppress event generation.
always       Allocate an audit context, always fill it in at syscall entry time, and always write out a
             record at syscall exit time.
Manage Audit Rules
One of the main purposes of audit rules is to keep track of files that have been read, modified or executed
by a user, which helps ensure that engineers perform the administrative actions that their
role defines or requires.
List Audit Rules
Before you configure a new rule, it’s always a good idea to list the audit rules that are already
configured. To see the configured rules, run the command below; it lists the rules defined from
the file “/etc/audit/audit.rules”.
auditctl -l
Add Audit Rules
To watch / audit files you need to add a rule; we will add a few audit rules.
Add Audit Rule – Shadow File
To audit the password shadow file, run the command below with key “shadow-file”; we will watch for
permissions “r,w,x,a”.
auditctl -w /etc/shadow -k shadow-file -p rwxa
Add Audit Rule – Password File
To audit the password file, run the command below with key “password-file”; we will watch for permissions
“r,w,a”.
auditctl -w /etc/passwd -p war -k password-file
Add Audit Rule – SSH Config File
To audit the SSH daemon main configuration file, run the command below with key “sshconfig-file”; we will
watch for permissions “r,w,a,x”.
auditctl -w /etc/ssh/sshd_config -p rwax -k sshconfig-file
Add Audit Rule – hosts File
To audit the hosts file, run the command below with key “hosts-file”; we will watch for permissions “w,a”.
auditctl -w /etc/hosts -p wa -k hosts-file
Add Audit Rule – Directory
If you would like to watch a specific directory on a host, run the command below.
auditctl -w /etc/security -k "/etc/security"
Note: it’s a good idea to add a rule with a “key”, because the key can then be used to search for events and to show rules.
Audit Delete Rules
If a host or rule(s) no longer need to be audited / watched, delete the audit rules
that are no longer required.
Delete Rules – All Rules
At times you will want to delete all the rules defined; to do so, run the command below. This command
will remove all rules defined in the “audit.rules” file.
auditctl -D
Delete Rules – By Key
To delete rules based on the key, run the command below; this command will remove all rules that
carry the given key.
auditctl -D -k password-file
Delete Rules – Matching Rule
To delete a matching rule, run the command below; this command will remove only the rule that
matches. You have to match the actual rule to remove it.
auditctl -W /etc/passwd -p rwa -k password-file
Audit Query / Search
Ausearch is the audit daemon query tool; there are many ways to perform different kinds of audit queries.
A few of them are listed and shown here.
Audit Query – By File
Search for events matching the given filename.
ausearch -f /etc/passwd
Audit Query – By key
Search for events matching the given key defined while creating the audit rules.
ausearch -k password-file
Audit Query – By Exit Code
Search for events matching the exit code. Exit codes can be interpreted using the error file
“/usr/include/asm-generic/errno-base.h”.
ausearch -e 1
Audit Query – By Executable
Search for events matching the executable; run the command below.
ausearch -x ls
Audit Query – By UserID
Search for events matching the user ID.
ausearch -ui 1000
Audit Query – By User LoginID
Query for events matching the user login ID and display them.
ausearch -ul 1000
Audit Query – By GroupID
Query for events matching the group ID and display them.
ausearch -gi 1000
Audit Query – By UUID
Query for events matching the UUID and display them.
ausearch -uu 1000
Audit Query – By Hostname
Query for events matching the hostname and display them.
ausearch -hn vcptest
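Added example (not part of the original guide): the shell function below selects events by rule key from raw audit records, as the key query above does, and joins each SYSCALL record to its PATH record so that the login ID (auid) and the user ID (uid) can be compared side by side. The sample records are constructed and shortened, the function names are hypothetical, and syscall names are limited to the three mappings this guide lists under ausyscall.

```sh
#!/bin/sh
# Added example: select audit events by rule key from raw audit records.

# Constructed, shortened records in audit log format (real ones carry more fields).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1442736072.123:311): arch=c000003e syscall=2 success=yes exit=3 ppid=2211 pid=2290 auid=1000 uid=0 gid=0 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="password-file"
type=CWD msg=audit(1442736072.123:311): cwd="/root"
type=PATH msg=audit(1442736072.123:311): item=0 name="/etc/passwd" inode=17432 nametype=NORMAL
type=SYSCALL msg=audit(1442736080.456:312): arch=c000003e syscall=2 success=no exit=-13 ppid=2301 pid=2310 auid=1001 uid=1001 gid=1001 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key="shadow-file"
type=CWD msg=audit(1442736080.456:312): cwd="/home/user2"
type=PATH msg=audit(1442736080.456:312): item=0 name="/etc/shadow" inode=17440 nametype=NORMAL
type=SYSCALL msg=audit(1442736095.789:313): arch=c000003e syscall=188 success=yes exit=0 ppid=2211 pid=2295 auid=1000 uid=0 gid=0 tty=pts0 ses=3 comm="setfattr" exe="/usr/bin/setfattr" key="password-file"
type=PATH msg=audit(1442736095.789:313): item=0 name="/etc/passwd" inode=17432 nametype=NORMAL
type=SYSCALL msg=audit(1442736101.002:314): arch=c000003e syscall=90 success=yes exit=0 ppid=2211 pid=2299 auid=1000 uid=0 gid=0 tty=pts0 ses=3 comm="chmod" exe="/usr/bin/chmod" key="hosts-file"
type=PATH msg=audit(1442736101.002:314): item=0 name="/etc/hosts" inode=17450 nametype=NORMAL
EOF
}

# events_by_key KEY
# Reads raw audit records on stdin, prints one summary line per matching event.
events_by_key() {
    awk -v want="$1" '
        # Return the value of field NAME on the current record, quotes removed.
        function field(fname,    i, len, v) {
            len = length(fname) + 1
            for (i = 1; i <= NF; i++)
                if (substr($i, 1, len) == (fname "=")) {
                    v = substr($i, len + 1)
                    gsub(/"/, "", v)
                    return v
                }
            return "?"
        }
        # Event id "epoch.millis:serial" taken from msg=audit(...):
        function evid(    v) {
            v = field("msg")
            sub(/^audit\(/, "", v)
            sub(/\):$/, "", v)
            return v
        }
        BEGIN {
            # Only the mappings listed in this guide; other numbers stay numeric.
            sysname[2] = "open"; sysname[188] = "setxattr"; sysname[191] = "getxattr"
        }
        # The rule key is carried on the SYSCALL record of the event.
        $1 == "type=SYSCALL" && field("key") == want {
            id = evid()
            order[++count] = id
            sc = field("syscall")
            if (sc in sysname) sc = sysname[sc]
            split(id, part, ":")
            line[id] = "event=" part[2] " auid=" field("auid") " uid=" field("uid")
            line[id] = line[id] " syscall=" sc " success=" field("success")
            line[id] = line[id] " exe=" field("exe")
            path[id] = "?"
        }
        # The file name is on the PATH record that shares the same event id.
        $1 == "type=PATH" {
            id = evid()
            if ((id in line) && field("nametype") != "PARENT")
                path[id] = field("name")
        }
        END {
            for (i = 1; i <= count; i++)
                print line[order[i]] " path=" path[order[i]]
        }
    '
}

# In the sample, auid stays 1000 while uid is 0: the user who logged in
# as 1000 performed these actions as root.
sample_audit_log | events_by_key password-file
```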
Audit Reports
aureport is a tool that delivers summary reports of the audit system logs.
Audit Report – Summary
aureport --summary
Audit Report – Report Authentication Attempts
List all the authentication events, irrespective of success or failure.
aureport -au
Audit Report – Report Authentication Failed Attempts
List all the events that have failed.
aureport -au | grep "no "
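Added example (not part of the original guide): filtering on the report's "success" column instead of grepping for "no " anywhere in the line, then counting failures per account and source host. The report rows are constructed, the column order is assumed to be the "# date time acct host term exe success event" header that the report prints, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: summarise failed authentications from "aureport -au" output.

# Constructed sample of the report (not taken from a real host). Row 3 is a
# successful login by an account whose name ends in "no".
sample_aureport_au() {
cat <<'EOF'

Authentication Report
============================================
# date time acct host term exe success event
============================================
1. 09/20/2015 10:01:12 root 203.0.113.7 ssh /usr/sbin/sshd no 311
2. 09/20/2015 10:01:15 root 203.0.113.7 ssh /usr/sbin/sshd no 312
3. 09/20/2015 10:02:40 juno 198.51.100.20 ssh /usr/sbin/sshd yes 320
4. 09/20/2015 10:05:03 admin 203.0.113.7 ssh /usr/sbin/sshd no 331
5. 09/20/2015 11:15:27 root ? tty1 /usr/bin/login yes 402
6. 09/20/2015 11:30:00 root 203.0.113.7 ssh /usr/sbin/sshd no 415
EOF
}

# Reads the report on stdin, prints "count account host" for failed rows only,
# highest count first.
failed_auth_summary() {
    awk '
        # Data rows start with "N."; the success column is the field
        # just before the event number at the end of the row.
        $1 ~ /^[0-9]+\.$/ && NF >= 9 && $(NF-1) == "no" {
            failed[$4 " " $5]++
        }
        END {
            for (k in failed) print failed[k], k
        }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# noisy_sources MIN
# Reads the report on stdin, prints "host total" for every source host with at
# least MIN failed authentications across all accounts.
noisy_sources() {
    failed_auth_summary | awk -v min="$1" '
        { per_host[$3] += $1 }
        END {
            for (h in per_host)
                if (per_host[h] >= min) print h, per_host[h]
        }
    ' | sort
}

# grep "no " also matches row 3 (a successful login); the column test does not.
sample_aureport_au | failed_auth_summary
sample_aureport_au | noisy_sources 3
```

On a live host the same functions read the real report: aureport -au | failed_auth_summary.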
Audit Report – Report Login Success Attempts
aureport --success -l
Audit Report – Report Login Failed Attempts
aureport --failed -l
Audit Report – Report Account Modifications
aureport -m
Audit Report – Report Filter by Timestamp
aureport --start 09/20/2015 00:00:00 --end 09/21/2015 00:00:00
Audit Report – Report Find Syscall
Each command execution has an associated syscall in the audit log. Run the command
“ausearch -gi 1000 --just-one”
Different System Calls and Their Mapping
ausyscall 2
open
ausyscall 188
setxattr
ausyscall 191
getxattr
Alternate Methods – Aureport
cat /var/log/secure | grep 'sshd.*Failed'
cat /var/log/secure | grep 'sshd.*opened'
cat /var/log/secure | grep 'login.*tty'
Cp r77 security_gateway_techadminguide_test
Pham Quoc Bao
 
Windows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.com
Windows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.comWindows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.com
Windows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.com
Michael Gough
 
PCD - Process control daemon - Presentation
PCD - Process control daemon - PresentationPCD - Process control daemon - Presentation
PCD - Process control daemon - Presentation
haish
 
Resilient Integration to QRadar Advisor (1).pdf
Resilient Integration to QRadar Advisor (1).pdfResilient Integration to QRadar Advisor (1).pdf
Resilient Integration to QRadar Advisor (1).pdf
hieunn131
 
Jenkins log monitoring with elk stack
Jenkins log monitoring with elk stackJenkins log monitoring with elk stack
Jenkins log monitoring with elk stack
Subhasis Roy
 
2009-08-24 The Linux Audit Subsystem Deep Dive
2009-08-24 The Linux Audit Subsystem Deep Dive2009-08-24 The Linux Audit Subsystem Deep Dive
2009-08-24 The Linux Audit Subsystem Deep Dive
Shawn Wells
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
Michael Gough
 
LUCST walkthrough v1.2.pdf
LUCST walkthrough v1.2.pdfLUCST walkthrough v1.2.pdf
LUCST walkthrough v1.2.pdf
tameneaDemissie
 
The Linux Audit Framework
The Linux Audit FrameworkThe Linux Audit Framework
The Linux Audit Framework
Gary Smith
 
Oracle Analytics Server Infrastructure Tuning guide v2.pdf
Oracle Analytics Server Infrastructure Tuning guide v2.pdfOracle Analytics Server Infrastructure Tuning guide v2.pdf
Oracle Analytics Server Infrastructure Tuning guide v2.pdf
sivakodali7
 
Installing & Configuring IBM Domino 9 on CentOS
Installing & Configuring IBM Domino 9 on CentOSInstalling & Configuring IBM Domino 9 on CentOS
Installing & Configuring IBM Domino 9 on CentOS
Devin Olson
 
How To Install OpenFire in CentOS 7
How To Install OpenFire in CentOS 7How To Install OpenFire in CentOS 7
How To Install OpenFire in CentOS 7
VCP Muthukrishna
 
20894109 te040-i procurement-test-script-on-oracle-iprocurement
20894109 te040-i procurement-test-script-on-oracle-iprocurement20894109 te040-i procurement-test-script-on-oracle-iprocurement
20894109 te040-i procurement-test-script-on-oracle-iprocurement
Pietro Prestia
 
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
Leighton Nelson
 
Install Active Directory PowerShell Module on Windows 10
Install Active Directory PowerShell Module on Windows 10Install Active Directory PowerShell Module on Windows 10
Install Active Directory PowerShell Module on Windows 10
VCP Muthukrishna
 
Relax-and-Recover Automated Testing
Relax-and-Recover Automated TestingRelax-and-Recover Automated Testing
Relax-and-Recover Automated Testing
Gratien D'haese
 
Kaspersky Security center 10 documentation
Kaspersky Security center 10  documentationKaspersky Security center 10  documentation
Kaspersky Security center 10 documentation
Tarek Amer
 
Cp r77 security_gateway_techadminguide_test
Cp r77 security_gateway_techadminguide_testCp r77 security_gateway_techadminguide_test
Cp r77 security_gateway_techadminguide_test
Pham Quoc Bao
 
Windows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.com
Windows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.comWindows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.com
Windows splunk logging cheat sheet Oct 2016 - MalwareArchaeology.com
Michael Gough
 
PCD - Process control daemon - Presentation
PCD - Process control daemon - PresentationPCD - Process control daemon - Presentation
PCD - Process control daemon - Presentation
haish
 
Ad

More from VCP Muthukrishna (20)

How to Fix Duplicate Packages in YUM on CentOS 7
How to Fix Duplicate Packages in YUM on CentOS 7How to Fix Duplicate Packages in YUM on CentOS 7
How to Fix Duplicate Packages in YUM on CentOS 7
VCP Muthukrishna
 
How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7
VCP Muthukrishna
 
How To Connect to Active Directory User Validation
How To Connect to Active Directory User ValidationHow To Connect to Active Directory User Validation
How To Connect to Active Directory User Validation
VCP Muthukrishna
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShell
VCP Muthukrishna
 
How To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShellHow To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShell
VCP Muthukrishna
 
How To List Files and Display In HTML Format
How To List Files and Display In HTML FormatHow To List Files and Display In HTML Format
How To List Files and Display In HTML Format
VCP Muthukrishna
 
How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
VCP Muthukrishna
 
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
VCP Muthukrishna
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7
VCP Muthukrishna
 
How To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on UbuntuHow To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on Ubuntu
VCP Muthukrishna
 
Windows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive InfoWindows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive Info
VCP Muthukrishna
 
How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7
VCP Muthukrishna
 
Windows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loopWindows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loop
VCP Muthukrishna
 
How To Construct IF and Else Conditional Statements
How To Construct IF and Else Conditional StatementsHow To Construct IF and Else Conditional Statements
How To Construct IF and Else Conditional Statements
VCP Muthukrishna
 
How To Create PowerShell Function Mandatory Parameter and Optional Parameter
How To Create PowerShell Function Mandatory Parameter and Optional ParameterHow To Create PowerShell Function Mandatory Parameter and Optional Parameter
How To Create PowerShell Function Mandatory Parameter and Optional Parameter
VCP Muthukrishna
 
How To Create Power Shell Function Mandatory Parameter Value
How To Create Power Shell Function Mandatory Parameter ValueHow To Create Power Shell Function Mandatory Parameter Value
How To Create Power Shell Function Mandatory Parameter Value
VCP Muthukrishna
 
How To Create PowerShell Function
How To Create PowerShell FunctionHow To Create PowerShell Function
How To Create PowerShell Function
VCP Muthukrishna
 
How To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShellHow To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShell
VCP Muthukrishna
 
How To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShellHow To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShell
VCP Muthukrishna
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7
VCP Muthukrishna
 
How to Fix Duplicate Packages in YUM on CentOS 7
How to Fix Duplicate Packages in YUM on CentOS 7How to Fix Duplicate Packages in YUM on CentOS 7
How to Fix Duplicate Packages in YUM on CentOS 7
VCP Muthukrishna
 
How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7
VCP Muthukrishna
 
How To Connect to Active Directory User Validation
How To Connect to Active Directory User ValidationHow To Connect to Active Directory User Validation
How To Connect to Active Directory User Validation
VCP Muthukrishna
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShell
VCP Muthukrishna
 
How To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShellHow To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShell
VCP Muthukrishna
 
How To List Files and Display In HTML Format
How To List Files and Display In HTML FormatHow To List Files and Display In HTML Format
How To List Files and Display In HTML Format
VCP Muthukrishna
 
How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
VCP Muthukrishna
 
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
VCP Muthukrishna
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7
VCP Muthukrishna
 
How To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on UbuntuHow To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on Ubuntu
VCP Muthukrishna
 
Windows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive InfoWindows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive Info
VCP Muthukrishna
 
How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7
VCP Muthukrishna
 
Windows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loopWindows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loop
VCP Muthukrishna
 
How To Construct IF and Else Conditional Statements
How To Construct IF and Else Conditional StatementsHow To Construct IF and Else Conditional Statements
How To Construct IF and Else Conditional Statements
VCP Muthukrishna
 
How To Create PowerShell Function Mandatory Parameter and Optional Parameter
How To Create PowerShell Function Mandatory Parameter and Optional ParameterHow To Create PowerShell Function Mandatory Parameter and Optional Parameter
How To Create PowerShell Function Mandatory Parameter and Optional Parameter
VCP Muthukrishna
 
How To Create Power Shell Function Mandatory Parameter Value
How To Create Power Shell Function Mandatory Parameter ValueHow To Create Power Shell Function Mandatory Parameter Value
How To Create Power Shell Function Mandatory Parameter Value
VCP Muthukrishna
 
How To Create PowerShell Function
How To Create PowerShell FunctionHow To Create PowerShell Function
How To Create PowerShell Function
VCP Muthukrishna
 
How To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShellHow To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShell
VCP Muthukrishna
 
How To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShellHow To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShell
VCP Muthukrishna
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7
VCP Muthukrishna
 

Recently uploaded (20)

Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 
IT488 Wireless Sensor Networks_Information Technology
IT488 Wireless Sensor Networks_Information TechnologyIT488 Wireless Sensor Networks_Information Technology
IT488 Wireless Sensor Networks_Information Technology
SHEHABALYAMANI
 
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptxDevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
Justin Reock
 
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Safe Software
 
Top-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptxTop-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptx
BR Softech
 
Bepents tech services - a premier cybersecurity consulting firm
Bepents tech services - a premier cybersecurity consulting firmBepents tech services - a premier cybersecurity consulting firm
Bepents tech services - a premier cybersecurity consulting firm
Benard76
 
Build With AI - In Person Session Slides.pdf
Build With AI - In Person Session Slides.pdfBuild With AI - In Person Session Slides.pdf
Build With AI - In Person Session Slides.pdf
Google Developer Group - Harare
 
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
João Esperancinha
 
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Mike Mingos
 
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Markus Eisele
 
Q1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor PresentationQ1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor Presentation
Dropbox
 
Cybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and MitigationCybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and Mitigation
VICTOR MAESTRE RAMIREZ
 
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent LasterAI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
All Things Open
 
Agentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community MeetupAgentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community Meetup
Manoj Batra (1600 + Connections)
 
How to Install & Activate ListGrabber - eGrabber
How to Install & Activate ListGrabber - eGrabberHow to Install & Activate ListGrabber - eGrabber
How to Install & Activate ListGrabber - eGrabber
eGrabber
 
May Patch Tuesday
May Patch TuesdayMay Patch Tuesday
May Patch Tuesday
Ivanti
 
RTP Over QUIC: An Interesting Opportunity Or Wasted Time?
RTP Over QUIC: An Interesting Opportunity Or Wasted Time?RTP Over QUIC: An Interesting Opportunity Or Wasted Time?
RTP Over QUIC: An Interesting Opportunity Or Wasted Time?
Lorenzo Miniero
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdfKit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Wonjun Hwang
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 
IT488 Wireless Sensor Networks_Information Technology
IT488 Wireless Sensor Networks_Information TechnologyIT488 Wireless Sensor Networks_Information Technology
IT488 Wireless Sensor Networks_Information Technology
SHEHABALYAMANI
 
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptxDevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
Justin Reock
 
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Safe Software
 
Top-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptxTop-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptx
BR Softech
 
Bepents tech services - a premier cybersecurity consulting firm
Bepents tech services - a premier cybersecurity consulting firmBepents tech services - a premier cybersecurity consulting firm
Bepents tech services - a premier cybersecurity consulting firm
Benard76
 
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
João Esperancinha
 
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Mike Mingos
 
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Markus Eisele
 
Q1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor PresentationQ1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor Presentation
Dropbox
 
Cybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and MitigationCybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and Mitigation
VICTOR MAESTRE RAMIREZ
 
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent LasterAI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
All Things Open
 
How to Install & Activate ListGrabber - eGrabber
How to Install & Activate ListGrabber - eGrabberHow to Install & Activate ListGrabber - eGrabber
How to Install & Activate ListGrabber - eGrabber
eGrabber
 
May Patch Tuesday
May Patch TuesdayMay Patch Tuesday
May Patch Tuesday
Ivanti
 
RTP Over QUIC: An Interesting Opportunity Or Wasted Time?
RTP Over QUIC: An Interesting Opportunity Or Wasted Time?RTP Over QUIC: An Interesting Opportunity Or Wasted Time?
RTP Over QUIC: An Interesting Opportunity Or Wasted Time?
Lorenzo Miniero
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdfKit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Wonjun Hwang
 

How To Install and Generate Audit Reports in CentOS 7 or RHEL 7

Overview

It is always good to review the various logs on your server to determine who has logged in successfully and who has had failed login attempts. This is even more important when the server is connected to a public IP address. It also helps administrators keep a trail of administrator activities.

Applies To

CentOS 7, RHEL 7

Pre-requisites

The following packages have to be installed in order to run the commands described in this guide:

  • audit
  • audit-libs

Install Audit Packages

The audit packages are installed by default. In case you need to install them, run the command below; audit-libs is a dependency package.

    yum install audit audit-libs -y

Components, Tools and Configuration Files

There are three major components for auditing on a box.

Kernel

  audit        Hooks into the kernel to capture events and delivers them to the auditd daemon

Binaries

  auditd       A daemon to capture events and store them in the auditd.log file
  auditctl     Audit tool to configure auditd on the server
  audispd      Daemon to multiplex events
  aureport     Reporting tool which reads from the auditd.log file
  ausearch     Looks up events in the auditd.log file
  autrace      Uses the audit component in the kernel to trace binaries
  aulast       Similar to last, but utilizes the audit framework
  aulastlog    Similar to lastlog, but again utilizes the audit framework
  ausyscall    Maps syscall ID and name
  auvirt       Displays audit information regarding virtual machines
Files

    audit.rules    Rules defined here are used by auditctl
    auditd.conf    Configuration file of the auditd daemon

Auditctl - Attributes / Parameters

The audit control tool is managed by rules and the parameters associated with each rule.

Audit Control - Rules Table

    -w           Adds / inserts a watch for the file system object at path.
    -W           Removes a watch for the file system object at path.
    -f [0..2]    Sets the failure flag, which can be set between 0 and 2, wherein 0=silent, 1=printk, 2=panic
    -e [0..2]    Sets the enabled flag, which can be set between 0 and 2, wherein 0=disable auditing, 1=enable auditing, 2=lock the audit configuration
    -k           Key
    -p [rwxa]    Describes the permission access type that a file system watch will trigger on (rwxa); see Permissions Table
    -D           Delete all audit rules

Audit Control - Permissions Table

    r    Read permission; if a file is opened for reading
    w    Write permission; if a file is opened for writing
    x    Execute permission; if a file is opened for execution
    a    Attribute permission; if a file attribute is changed

Audit Control - Actions

    never     No audit records will be generated. This can be used to suppress event generation.
    always    Allocate an audit context, always fill it in at syscall entry time, and always write out a record at syscall exit time.
Manage Audit Rules

One of the main purposes of audit rules is to keep track of monitored files that have been read, modified or executed by a user, which helps ensure that engineers perform the administrative actions that their role defines or requires.

List Audit Rules

Before you configure a new rule, it is always a good idea to list the audit rules that are already configured. To see the configured rules, run the command below; it lists the rules defined from the file "/etc/audit/audit.rules".

    auditctl -l

Add Audit Rules

To watch / audit files you need to add a rule; we will add a few audit rules.

Add Audit Rule – Shadow File

To audit the password shadow file, run the command below with the key "shadow-file"; we will watch for permissions "r,w,x,a".

    auditctl -w /etc/shadow -k shadow-file -p rwxa
Add Audit Rule – Password File

To audit the password file, run the command below with the key "password-file"; we will watch for permissions "r,w,a".

    auditctl -w /etc/passwd -p war -k password-file

Add Audit Rule – SSH Config File

To audit the SSH daemon's main configuration file, run the command below with the key "sshconfig-file"; we will watch for permissions "r,w,a,x".

    auditctl -w /etc/ssh/sshd_config -p rwax -k sshconfig-file

Add Audit Rule – hosts File

To audit the hosts file, run the command below with the key "hosts-file"; we will watch for permissions "w,a".

    auditctl -w /etc/hosts -p wa -k hosts-file

Add Audit Rule – Directory

If you would like to watch a specific directory on a host, run the command below.

    auditctl -w /etc/security -k "/etc/security"

Note: it is a good idea to add a rule with a key, because it helps when searching for or showing rules based on the key.
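Rules added with auditctl at the prompt are lost at reboot unless they are also written to the rules file, where each line is the same arguments without the leading auditctl. The added example below (not part of the original guide) lints such a file for three mistakes tied to the tables above: a watch without a -k key, a -p value outside rwxa, and rules placed after -e 2. The sample file, its /etc/sudoers and /etc/group lines, and the lint_rules helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the guide's watches in audit.rules syntax, plus three
# deliberate mistakes (lines 7, 8 and 10) for the linter to catch.
sample_rules() {
cat <<'EOF'
-D
-f 1
-w /etc/shadow -k shadow-file -p rwxa
-w /etc/passwd -p war -k password-file
-w /etc/ssh/sshd_config -p rwax -k sshconfig-file
-w /etc/hosts -p wa -k hosts-file
-w /etc/security
-w /etc/sudoers -p rwz -k sudoers-file
-e 2
-w /etc/group -p wa -k group-file
EOF
}

# lint_rules (hypothetical helper): reads a rules file on stdin, prints one
# finding per line, and returns 1 if anything was found.
lint_rules() {
  awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    locked {                                   # -e 2 locks the configuration
      print "line " NR ": rule after -e 2 will be rejected"; bad = 1; next
    }
    $1 == "-e" && $2 == "2" { locked = 1; next }
    $1 == "-w" {
      key = ""; perm = ""
      for (i = 3; i < NF; i++) {               # scan the options after the path
        if ($i == "-k") key = $(i + 1)
        if ($i == "-p") perm = $(i + 1)
      }
      if (key == "") { print "line " NR ": watch on " $2 " has no -k key"; bad = 1 }
      if (perm != "" && perm !~ /^[rwxa]+$/) {
        print "line " NR ": -p " perm " is outside rwxa"; bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

sample_rules | lint_rules || true   # print the three findings for the sample
```
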
Audit Delete Rules

If a host or rule no longer needs to be audited / watched, delete the audit rules that are no longer required.

Delete Rules – All Rules

At times you may want to delete all the rules defined. Run the command below; it will remove all rules defined in the "audit.rules" file.

    auditctl -D

Delete Rules – By Key

To delete rules based on the key, run the command below; it will remove all rules defined in the "audit.rules" file with that key.

    auditctl -D -k password-file
Delete Rules – Matching Rule

To delete a matching rule, run the command below; it will remove the rule defined in the "audit.rules" file that it matches. You have to match the actual rule to remove it.

    auditctl -W /etc/passwd -p rwa -k password-file

Audit Query / Search

ausearch is the audit daemon query tool; there are many ways to perform different kinds of audit queries. A few of them are listed and shown here.

Audit Query – By File

Search for events matching the given filename.

    ausearch -f /etc/passwd
Audit Query – By Key

Search for events matching the given key, defined while creating the audit rules.

    ausearch -k password-file

Audit Query – By Exit Code

Search for events matching the exit code. Exit codes can be interpreted using the error file "/usr/include/asm-generic/errno-base.h".

    ausearch -e 1
Audit Query – By Executable

Search for events matching the executable; run the command below.

    ausearch -x ls

Audit Query – By UserID

Search for events matching the user ID.

    ausearch -ui 1000
Audit Query – By User LoginID

Query for events matching the user login ID and display them.

    ausearch -ul 1000

Audit Query – By GroupID

Query for events matching the group ID and display them.

    ausearch -gi 1000

Audit Query – By UUID

Query for events matching the UUID and display them.

    ausearch -uu 1000
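The difference between the user ID and login ID queries above shows up once someone switches to root: the record's uid becomes 0 while auid keeps the account that logged in. The added example below (not from the original guide) applies the same field filters to five constructed audit.log records; filter_events and count_events are hypothetical helpers, and the records are trimmed to a few fields.

```shell
#!/bin/sh
# Constructed audit.log SYSCALL records, trimmed to the fields used below.
# auid=4294967295 means the login ID is unset (a daemon, not a login session).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1442750401.120:201): arch=c000003e syscall=2 success=yes exit=3 auid=1000 uid=0 gid=0 comm="cat" exe="/usr/bin/cat" key="shadow-file"
type=SYSCALL msg=audit(1442750455.310:207): arch=c000003e syscall=2 success=no exit=-13 auid=1001 uid=1001 gid=1001 comm="cat" exe="/usr/bin/cat" key="shadow-file"
type=SYSCALL msg=audit(1442750502.004:215): arch=c000003e syscall=2 success=yes exit=3 auid=1000 uid=0 gid=0 comm="vi" exe="/usr/bin/vi" key="password-file"
type=SYSCALL msg=audit(1442750533.871:219): arch=c000003e syscall=188 success=yes exit=0 auid=1000 uid=0 gid=0 comm="setfattr" exe="/usr/bin/setfattr" key="hosts-file"
type=SYSCALL msg=audit(1442750590.450:224): arch=c000003e syscall=2 success=yes exit=3 auid=4294967295 uid=0 gid=0 comm="sshd" exe="/usr/sbin/sshd" key="shadow-file"
EOF
}

# filter_events FIELD VALUE: print "key auid uid exe success" for every
# SYSCALL record on stdin whose FIELD equals VALUE.
filter_events() {
  awk -v f="$1" -v v="$2" '
    function val(name,   i, x) {               # value of name=... in this record
      for (i = 1; i <= NF; i++)
        if (index($i, name "=") == 1) {
          x = substr($i, length(name) + 2); gsub(/"/, "", x); return x
        }
      return ""
    }
    $1 == "type=SYSCALL" && val(f) == v {
      print val("key"), val("auid"), val("uid"), val("exe"), val("success")
    }
  '
}

# count_events FIELD VALUE: number of matching records on stdin.
count_events() { filter_events "$1" "$2" | awk 'END { print NR }'; }

# uid matches what "ausearch -ui" searches on, auid what "ausearch -ul" does.
echo "uid=0:     $(sample_audit_log | count_events uid 0) events"
echo "auid=1000: $(sample_audit_log | count_events auid 1000) events"
sample_audit_log | filter_events success no    # the denied read of /etc/shadow
```
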
Audit Query – By Hostname

Query for events matching the hostname and display them.

    ausearch -hn vcptest

Audit Reports

aureport is a tool that delivers audit summary reports of the audit system logs.

Audit Report – Summary

    aureport --summary
Audit Report – Report Authentication Attempts

List all the events, irrespective of whether they succeeded or failed.

    aureport -au

Audit Report – Report Authentication Failed Attempts

List all the events that have failed.

    aureport -au | grep "no "
Audit Report – Report Login Success Attempts

    aureport --success -l

Audit Report – Report Login Failed Attempts

    aureport --failed -l

Audit Report – Report Login Failed Attempts

    aureport -m
Audit Report – Report Filter by Timestamp

    aureport --start 09/20/2015 00:00:00 --end 09/21/2015 00:00:00
Audit Report – Report Find Syscall

For each command execution, a syscall is associated in the audit log. Run the command below.

    ausearch -gi 1000 --just-one

Different System Calls and Their Mapping

    ausyscall 2      open
    ausyscall 188    setxattr
    ausyscall 191    getxattr
Alternate Methods – Aureport

    cat /var/log/secure | grep 'sshd.*Failed'
    cat /var/log/secure | grep 'sshd.*opened'
    cat /var/log/secure | grep 'login.*tty'