Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 353

If you want your environment to satisfy the requirements of CAPP, you need to be
extra restrictive when configuring the audit daemon. Wherever particular settings
are required to meet CAPP, a "CAPP Environment" note tells you how to adjust the
configuration.
log_file, log_format and log_group
log_file specifies the location where the audit logs should be stored.
log_format determines how the audit information is written to disk and
log_group defines the group that owns the log files. Possible values for
log_format are raw (messages are stored just as the kernel sends them) or
nolog (messages are discarded and not written to disk). The data sent to the audit
dispatcher is not affected if you use the nolog mode. The default setting is raw
and you should keep it if you want to be able to create reports and queries against
the audit logs using the aureport and ausearch tools. The value for log_group
can be specified either as a group name or as the group's numeric ID.
NOTE: CAPP Environment
In a CAPP environment, have the audit log reside on its own partition. By
doing so, you can be sure that the space detection of the audit daemon is
accurate and that you do not have other processes consuming this space.
priority_boost
Determines how much of a priority boost the audit daemon should get. Possible
values are 0 to 4, with 4 assigning the highest priority. The values given here
translate to negative nice values, as in 3 to -4, to increase the priority.
flush and freq
Specifies whether, how, and how often the audit logs should be written to disk.
Valid values for flush are none, incremental, data, and sync. none tells
the audit daemon not to make any special effort to write the audit data to disk.
incremental tells the audit daemon to explicitly flush the data to disk. A
frequency must be specified if incremental is used. A freq value of 20 tells the
audit daemon to request the kernel to flush the data to disk after every 20 records.
The data option keeps the data portion of the disk file in sync at all times while
the sync option takes care of both metadata and data.
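The following is an added example, not code from the Novell/SUSE guide or from the audit package: a small Python parser and checker for the auditd.conf options described above. The configuration fragment it reads is constructed for illustration, and the check rules encode only what the text states (log_format is raw or nolog, log_group is a name or numeric GID, priority_boost is 0 to 4, flush is one of none, incremental, data or sync, and incremental requires a freq). The mount-point helper for the CAPP note is an assumption about how one might verify "its own partition" and is reported separately, since it depends on the host.

```python
import os
import re

# Constructed auditd.conf fragment (illustration only, not taken from the manual).
SAMPLE_CONF = """\
log_file = /var/log/audit/audit.log
log_format = RAW
log_group = root
priority_boost = 4
flush = INCREMENTAL
freq = 20
"""

VALID_LOG_FORMATS = {"raw", "nolog"}
VALID_FLUSH_MODES = {"none", "incremental", "data", "sync"}
# Group names as accepted by the usual Linux tooling (assumption for this check).
GROUP_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")


def parse_auditd_conf(text):
    """Parse 'key = value' lines into a dict; '#' comments and blank lines are skipped."""
    settings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        key, sep, value = body.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected 'key = value', got {line!r}")
        settings[key.strip().lower()] = value.strip()
    return settings


def check_auditd_settings(settings):
    """Return a list of (severity, message) findings for the options discussed above.

    Only keys present in the file are checked, except log_format, whose default
    of raw is stated in the guide.
    """
    findings = []

    log_file = settings.get("log_file")
    if log_file is not None and not os.path.isabs(log_file):
        findings.append(("error", f"log_file must be an absolute path, got {log_file!r}"))

    fmt = settings.get("log_format", "raw").lower()
    if fmt not in VALID_LOG_FORMATS:
        findings.append(("error", f"log_format must be raw or nolog, got {fmt!r}"))
    elif fmt == "nolog":
        findings.append(("warning", "log_format = nolog discards records; "
                                    "aureport and ausearch will have nothing to query"))

    group = settings.get("log_group")
    if group is not None and not (group.isdigit() or GROUP_NAME_RE.match(group)):
        findings.append(("error", f"log_group must be a group name or numeric GID, got {group!r}"))

    boost = settings.get("priority_boost")
    if boost is not None and (not boost.isdigit() or not 0 <= int(boost) <= 4):
        findings.append(("error", f"priority_boost must be an integer 0..4, got {boost!r}"))

    flush = settings.get("flush")
    if flush is not None:
        flush = flush.lower()
        if flush not in VALID_FLUSH_MODES:
            findings.append(("error", f"flush must be one of {sorted(VALID_FLUSH_MODES)}, got {flush!r}"))
        elif flush == "incremental":
            freq = settings.get("freq")
            if freq is None or not freq.isdigit() or int(freq) == 0:
                findings.append(("error", "flush = incremental requires a positive freq "
                                          "(records between kernel flush requests)"))
        elif flush == "none":
            findings.append(("warning", "flush = none: the daemon makes no special effort "
                                        "to write records to disk"))

    return findings


def log_file_on_own_partition(log_file):
    """CAPP note helper (assumption): True when the log directory is itself a mount point."""
    return os.path.ismount(os.path.dirname(log_file))


if __name__ == "__main__":
    cfg = parse_auditd_conf(SAMPLE_CONF)
    for severity, message in check_auditd_settings(cfg) or [("ok", "no findings")]:
        print(f"{severity}: {message}")
    print("log directory is a mount point:", log_file_on_own_partition(cfg["log_file"]))
```

Run it against a real /etc/auditd.conf by replacing SAMPLE_CONF with the file's contents; the mount-point line is informational because a non-existent directory also reports False.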
Understanding Linux Audit
341