You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -49,6 +49,9 @@ causes auditd to immediately rotate the logs. It will consult the max_log_file_a
.TP
SIGUSR2
causes auditd to attempt to resume logging. This is usually needed after logging has been suspended.
.TP
SIGCONT
causes auditd to dump a report of internal state to /var/run/auditd.state.
.SH FILES
.B/etc/audit/auditd.conf
Expand All
@@ -59,6 +62,9 @@ causes auditd to attempt to resume logging. This is usually needed after logging
.P
.B/etc/audit/rules.d/
- directory holding individual sets of rules to be compiled into one file by augenrules.
.P
.B/var/run/auditd.state
- report about internal state.
.SH NOTES
A boot param of audit=1 should be added to ensure that all processes that run before the audit daemon starts is marked as auditable by the kernel. Not doing that will make a few processes impossible to properly audit.
