Linux.com

Auditd and AUReport

Link to this post 25 Jul 12

Hey there Guys / Girls,

I hope I can get a lil help; looking around, I haven't had luck as yet on getting this.

I have set up several file watches using the auditd service, and they definitely are working how I would like.
The issue I have is twofold:

1stly, aureport generated the log in a decent-to-read format; however, I want the aureport -f to include the auid in the report. Can I add it somehow?

2ndly, I want to trigger an email on certain alerts.
For example, I audit the /home/root folder and the /etc/* selection; now I want an alert to trigger for the /etc/* alerts to send (preferably in a nice readable format) to myself.

My Linux skills are still, much to my dismay, very very low but I is learning slowly :D

*Oh, side note: I'm doing this through the command line; don't want to enable grub or anything.

Link to this post 27 Jul 12

I'm far from knowledgeable in this area, but, is it possible to trigger "sendmail" from auditd? Sendmail has a multitude of configuration options.

Check it out, type "man sendmail" (without quotes) in a terminal and read up on it. It may be able to do something that auditd can't.

Link to this post 27 Jul 12

Thanks GoinEasy,

I'm having a look through it, just not having luck at the moment :( BUT I shall prevail bwahahahaa.

I'll post the solution here too if I figure it out.
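
An added example, not part of any post in this thread: one way to get the auid next to each file event and turn the /etc hits into a readable mail body is to join the SYSCALL record (which carries `auid`) with the PATH record (which carries the file name) on the event serial number. The sample records are constructed, and the recipient address and function names are assumptions for illustration.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample records in raw audit.log layout (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1343210000.101:501): syscall=2 success=yes exit=3 pid=2150 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="etc-watch"
type=PATH msg=audit(1343210000.101:501): item=0 name="/etc/passwd" inode=1311 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1343210050.220:502): syscall=2 success=yes exit=3 pid=2160 auid=1001 uid=1001 comm="cat" exe="/bin/cat" key="home-watch"
type=PATH msg=audit(1343210050.220:502): item=0 name="/home/root/notes.txt" inode=2200 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1343210099.005:503): syscall=2 success=no exit=-13 pid=2170 auid=4294967295 uid=33 comm="sh" exe="/bin/sh" key="etc-watch"
type=PATH msg=audit(1343210099.005:503): item=0 name="/etc/shadow" inode=1312 mode=0100640 ouid=0 ogid=42
"""

SERIAL = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = "4294967295"  # (uint32)-1: no login uid recorded for the process

def etc_events(log_text, prefix="/etc/"):
    """Join SYSCALL and PATH records by event serial; keep paths under prefix."""
    events = defaultdict(lambda: {"files": []})
    for line in log_text.splitlines():
        m = SERIAL.search(line)
        if not m:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[int(m.group(1))]
        if fields.get("type") == "SYSCALL":
            ev.update(auid=fields["auid"], exe=fields["exe"], success=fields["success"])
        elif fields.get("type") == "PATH":
            ev["files"].append(fields["name"])
    rows = []
    for serial in sorted(events):
        ev = events[serial]
        if "auid" not in ev:
            continue  # PATH record without its SYSCALL record
        auid = "unset" if ev["auid"] == UNSET_AUID else ev["auid"]
        rows += [(serial, auid, ev["exe"], ev["success"], f)
                 for f in ev["files"] if f.startswith(prefix)]
    return rows

def build_alert(rows, to_addr="root@localhost"):
    """Format matching events as a plain-text mail; sending is left to the caller."""
    msg = EmailMessage()
    msg["To"] = to_addr  # hypothetical recipient
    msg["Subject"] = f"auditd: {len(rows)} event(s) under /etc"
    msg.set_content("\n".join(
        f"event={s} auid={a} exe={e} success={ok} file={f}" for s, a, e, ok, f in rows))
    return msg
```

The returned message can be handed to whatever local mail transport is available; an auid reported as unset means the process did not descend from a login session.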
