Hey there Guys / Girls,
I hope I can get a lil help; looking around, I haven't had luck as yet on getting this.
I have set up several file watches using the auditd service, and they definitely are working how I would like.
The issue I have is 2-fold:
1stly, aureport generated the log in a decent-to-read format; however, I want the aureport -f to include the auid in the report. Can I add it somehow?
2ndly, I want to trigger an email on certain alerts.
For example, I audit the /home/root folder and the /etc/* selection. Now I want an alert to trigger for the /etc/* alerts, to send (preferably in a nice readable format) to myself.
My Linux skills are still, much to my dismay, very very low, but I is learning slowly :D
*Oh, side note: I'm doing this through the command line, don't want to enable grub or anything.
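
The two requests above (a per-file report that carries the auid, and a readable mail for /etc events only), as an added example that is not part of the original post: it joins the SYSCALL and PATH records of each audit event by serial number and builds, without sending, a plain-text message. The log lines are constructed, and the watch keys `etc-watch` and `home-watch` and the recipient address are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from email.message import EmailMessage

# Constructed sample records in the audit.log layout (not from a real host).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="etc-watch"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/hosts" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.202:502): arch=c000003e syscall=257 success=yes exit=3 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="home-watch"
type=PATH msg=audit(1700000050.202:502): item=0 name="/home/root/notes.txt" inode=377 nametype=NORMAL
type=SYSCALL msg=audit(1700000090.303:503): arch=c000003e syscall=257 success=no exit=-13 auid=4294967295 uid=33 comm="sh" exe="/usr/bin/sh" key="etc-watch"
type=PATH msg=audit(1700000090.303:503): item=0 name="/etc/shadow" inode=140 nametype=NORMAL
'''

HEADER = re.compile(r'type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def file_events(log_text, prefix="/etc/"):
    """Join SYSCALL and PATH records by event serial; keep paths under prefix."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, epoch, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        ev = events[int(serial)]
        ev["time"] = int(epoch)
        if rtype == "SYSCALL":  # the SYSCALL record is the one that carries auid
            ev.update(auid=fields.get("auid"), exe=fields.get("exe"), success=fields.get("success"))
        elif rtype == "PATH" and fields.get("name", "").startswith(prefix):
            ev["path"] = fields["name"]
    return [dict(serial=s, **e) for s, e in sorted(events.items()) if "path" in e and "auid" in e]

def alert_message(events, recipient="admin@example.com"):  # placeholder address
    """Build (not send) a plain-text mail with one line per matching event."""
    msg = EmailMessage()
    msg["To"], msg["Subject"] = recipient, f"auditd: {len(events)} event(s) under /etc"
    rows = []
    for e in events:
        when = datetime.fromtimestamp(e["time"], timezone.utc).isoformat()
        who = "unset" if e["auid"] == "4294967295" else e["auid"]  # 4294967295 means no login uid
        rows.append(f'{when} event={e["serial"]} auid={who} exe={e["exe"]} success={e["success"]} file={e["path"]}')
    msg.set_content("\n".join(rows))
    return msg
```

On a real host the input would be the contents of /var/log/audit/audit.log, and the returned message can be handed to smtplib or the local mailer from a scheduled job.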