The audit subsystem is dedicated to recording security-relevant information so that security events on the system can be traced back afterwards.
1. Introduction to /etc/security/audit/config
The file is in stanza format: a line ending in ":" opens a stanza, and the indented "key = value" lines below it belong to that stanza. The stanzas shown here are start, bin, stream and classes.

start:
        binmode = on            (binary mode is on: records are written to the bin files named in the bin stanza)
        streammode = off        (stream mode is off)
bin:
        trail = /audit/trail    (the consolidated audit trail that processed bins are appended to)
        bin1 = /audit/bin1      (in binary mode, the two bins the kernel fills alternately)
        bin2 = /audit/bin2
        binsize = 10240         (size a bin may reach before the kernel switches to the other bin and the full one is processed)
        cmds = /etc/security/audit/bincmds      (commands run to process a full bin, i.e. move it into the trail)
        freespace = 65536       (free-space threshold for the filesystem holding the bins; the audit subsystem warns when free space falls below it)
stream:
        cmds = /etc/security/audit/streamcmds   (commands run in stream mode to consume records as they are produced)
classes:        (defines audit classes, each a named list of events; the predefined classes are general, objects, SRC, kernel, files, SVIPC, mail, cron and TCPIP)
        general = USER_SU,PASSWORD_Change,FILE_Unlink,FILE_Link,FILE_Rename,FS_Chdir,FS_Chroot,PORT_Locked,PORT_Change,FS_Mkdir,FS_Rmdir

Note that a class only has an effect once it is assigned to users (a separate users stanza of the same file); the classes stanza alone just defines the event sets.
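As an added example (not from the page and not AIX's own code), the following POSIX shell script parses a stanza file in this format and applies the checks an operator would want before running `audit start`: that at least one of binmode/streammode is on, that the bin stanza is complete with distinct bin1 and bin2 paths, and that freespace is numeric. The config text it reads is constructed for the demo, the users stanza in it is assumed rather than taken from the page, and the helper names (audit_cfg_get, audit_cfg_check, audit_cfg_class_events) are the example's own; it never invokes the real audit command.

```shell
#!/bin/sh
# Parse and sanity-check an AIX-style /etc/security/audit/config stanza file.
# Added example, not AIX code. The configuration text below is constructed
# for the demo; the users stanza is assumed and not shown on the page.

AUDIT_SAMPLE="${TMPDIR:-/tmp}/audit_config_sample.$$"
AUDIT_BROKEN="${TMPDIR:-/tmp}/audit_config_broken.$$"
trap 'rm -f "$AUDIT_SAMPLE" "$AUDIT_BROKEN"' EXIT

cat > "$AUDIT_SAMPLE" <<'EOF'
start:
        binmode = on
        streammode = off

bin:
        trail = /audit/trail
        bin1 = /audit/bin1
        bin2 = /audit/bin2
        binsize = 10240
        cmds = /etc/security/audit/bincmds
        freespace = 65536

stream:
        cmds = /etc/security/audit/streamcmds

classes:
        general = USER_SU,PASSWORD_Change,FILE_Unlink,FILE_Link,FILE_Rename,FS_Chdir,FS_Chroot,PORT_Locked,PORT_Change,FS_Mkdir,FS_Rmdir

users:
        root = general
EOF

# A deliberately misconfigured copy: both collection modes off, so nothing
# would ever be recorded even though the bin stanza looks complete.
sed 's/binmode = on/binmode = off/' "$AUDIT_SAMPLE" > "$AUDIT_BROKEN"

# audit_cfg_get FILE STANZA KEY: print the value of KEY inside STANZA.
# A line matching "name:" opens a stanza; "key = value" lines belong to it.
audit_cfg_get() {
    awk -v stanza="$2" -v key="$3" '
        /^[A-Za-z_]+:[ \t]*$/ { cur = $1; sub(/:$/, "", cur); next }
        cur == stanza {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", k)
            if (k == key) {
                v = substr(line, eq + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# audit_cfg_class_events FILE CLASS: print the events of CLASS, one per line.
audit_cfg_class_events() {
    audit_cfg_get "$1" classes "$2" | tr ',' '\n' | sed '/^$/d'
}

# audit_cfg_check FILE: exit 0 if the file describes a usable configuration,
# otherwise print the reason to stderr and exit 1.
audit_cfg_check() {
    acf=$1
    binmode=$(audit_cfg_get "$acf" start binmode)
    streammode=$(audit_cfg_get "$acf" start streammode)
    if [ "$binmode" != on ] && [ "$streammode" != on ]; then
        echo "neither binmode nor streammode is on: nothing will be recorded" >&2
        return 1
    fi
    if [ "$binmode" = on ]; then
        bin1=$(audit_cfg_get "$acf" bin bin1)
        bin2=$(audit_cfg_get "$acf" bin bin2)
        trail=$(audit_cfg_get "$acf" bin trail)
        if [ -z "$bin1" ] || [ -z "$bin2" ] || [ -z "$trail" ]; then
            echo "bin stanza incomplete: trail, bin1 and bin2 are all required" >&2
            return 1
        fi
        if [ "$bin1" = "$bin2" ]; then
            echo "bin1 and bin2 must be distinct files" >&2
            return 1
        fi
        fs=$(audit_cfg_get "$acf" bin freespace)
        case $fs in
            ''|*[!0-9]*) echo "freespace must be a number, got '$fs'" >&2; return 1 ;;
        esac
    fi
    return 0
}

# Stand-alone demo: the sample passes, the broken copy is rejected.
audit_cfg_check "$AUDIT_SAMPLE" && echo "sample config: ok"
audit_cfg_check "$AUDIT_BROKEN" || echo "broken config: rejected (exit $?)"
```

The parser deliberately stops at the first match inside the requested stanza, which mirrors how the file is read in practice: a key is only meaningful under its own stanza, so a stray "cmds" under start would not be mistaken for the bin stanza's cmds.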