Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 355

to be taken is specified in max_log_file_action. Possible values for
max_log_file_action are ignore, syslog, suspend, rotate, and
keep_logs. ignore tells the audit daemon to do nothing once the size limit is
reached, syslog tells it to issue a warning and send it to syslog, and suspend
causes the audit daemon to stop writing logs to disk while leaving the daemon itself
alive. rotate triggers log rotation using the num_logs setting. keep_logs
also triggers log rotation, but does not use the num_logs setting, so it always
keeps all logs.
NOTE: CAPP Environment
To keep a complete audit trail in CAPP environments, the keep_logs
option should be used. If using a separate partition to hold your audit logs,
adjust max_log_file and num_logs to use the entire space available
on that partition. Note that the more files that have to be rotated, the
longer it takes to get back to receiving audit events.
space_left and space_left_action
space_left takes a numerical value in megabytes of remaining disk space that
triggers a configurable action by the audit daemon. The action is specified in
space_left_action. Possible values for this parameter are ignore, syslog,
email, exec, suspend, single, and halt. ignore tells the audit daemon
to ignore the warning and do nothing, syslog has it issue a warning to syslog,
and email sends an e-mail to the account specified under action_mail_acct.
exec followed by a path to a script executes that script. Note that it is not possible
to pass parameters to the script. suspend tells the audit daemon to stop writing
to disk but remain alive, while single brings the system down to
single user mode. halt triggers a full shutdown of the system.
NOTE: CAPP Environment
Make sure that space_left is set to a value that gives the administrator
enough time to react to the alert and allows him to free enough disk space
for the audit daemon to continue to work. Freeing disk space would involve
calling aureport -t and archiving the oldest logs on a separate archiving
partition or resource. The actual value for space_left depends on the
size of your deployment. Set space_left_action to email.
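As an added example (not from the guide itself), a small Python check that parses an auditd.conf fragment and flags settings that diverge from the CAPP notes in this section; the configuration text is constructed, and the parser and check functions are assumptions, not part of the audit package.

```python
# Constructed auditd.conf fragment (not taken from any real system); the
# values are chosen so that the checks below have something to report.
SAMPLE_CONF = """\
log_file = /var/log/audit/audit.log
max_log_file = 5
num_logs = 4
max_log_file_action = rotate
space_left = 75
space_left_action = email
action_mail_acct =
"""

# space_left_action values from this section that stop audit logging or the host.
DISRUPTIVE = {"suspend", "single", "halt"}


def parse_auditd_conf(text):
    """Parse 'key = value' lines; blank lines and '#' comments are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def check_capp_settings(conf):
    """Return findings where the settings diverge from the CAPP notes above."""
    findings = []
    if conf.get("max_log_file_action", "").lower() != "keep_logs":
        findings.append("max_log_file_action should be keep_logs to retain every log")
    # 'exec /path/to/script' carries the script path inside the same value.
    action, _, arg = conf.get("space_left_action", "").partition(" ")
    action, arg = action.lower(), arg.strip()
    if action != "email":
        findings.append("space_left_action should be email so an administrator is alerted")
    if action == "email" and not conf.get("action_mail_acct"):
        findings.append("space_left_action is email but action_mail_acct is empty")
    if action == "exec" and not arg:
        findings.append("space_left_action is exec but no script path is given")
    if action in DISRUPTIVE:
        findings.append(f"space_left_action={action} interrupts auditing or the host")
    if not conf.get("space_left", "").isdigit():
        findings.append("space_left must be a number of megabytes")
    return findings


if __name__ == "__main__":
    for finding in check_capp_settings(parse_auditd_conf(SAMPLE_CONF)):
        print("finding:", finding)
```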
Understanding Linux Audit
343