Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 352

configuration file and configure how the audit system functions once the daemon has
been started in /etc/audit/auditd.conf.
The most important configuration parameters in /etc/sysconfig/auditd are:
AUDITD_LANG="en_US"
AUDITD_DISABLE_CONTEXTS="no"
AUDITD_LANG
The locale information used by audit. The default setting is en_US. Setting it to
none would remove all locale information from audit's environment.
AUDITD_DISABLE_CONTEXTS
Disable system call auditing by default. Set to no for full audit functionality includ-
ing file and directory watches and system call auditing.
The /etc/audit/auditd.conf configuration file determines how the audit system
functions once the daemon has been started. For most use cases, the default settings
shipped with SUSE Linux Enterprise Desktop should suffice. For CAPP environments,
most of these parameters need tweaking. The following list briefly introduces the pa-
rameters available:
log_file = /var/log/audit/audit.log
log_format = RAW
log_group = root
priority_boost = 4
flush = INCREMENTAL
freq = 20
num_logs = 4
disp_qos = lossy
dispatcher = /usr/sbin/audispd
name_format = NONE
#name = mydomain
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
#tcp_listen_port =
tcp_listen_queue = 5
#tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
340 Security Guide