maybe chmod 0640 'audisp/plugins.d/syslog.conf'
maybe chmod 0640 'audisp/zos-remote.conf'
maybe chmod 0755 'audit'
+maybe chmod 0644 'audit/audit-stop.rules'
maybe chmod 0640 'audit/audit.rules'
maybe chmod 0640 'audit/audit.rules.stop.post'
maybe chmod 0640 'audit/audit.rules.stop.pre'
network_failure_action = stop
disk_low_action = ignore
-disk_full_action = ignore
-disk_error_action = syslog
+disk_full_action = warn_once
+disk_error_action = warn_once
remote_ending_action = reconnect
generic_error_action = syslog
generic_warning_action = syslog
+queue_error = stop
overflow_action = syslog
##enable_krb5 = no
# arguments provided can be the default priority that you
# want the events written with. And optionally, you can give
# a second argument indicating the facility that you want events
-# logged to. Valid options are LOG_LOCAL0 through 7.
+# logged to. Valid options are LOG_LOCAL0 through 7, LOG_AUTH,
+# LOG_AUTHPRIV, LOG_DAEMON, LOG_SYSLOG, and LOG_USER.
active = no
direction = out
--- /dev/null
+# These rules are loaded when the audit daemon stops
+# if configured to do so.
+
+# Disable auditing
+-e 0
+
+# Delete all rules
+-D
# This file controls the configuration of the audit daemon
#
+local_events = yes
+write_logs = yes
log_file = /var/log/audit/audit.log
-log_format = RAW
log_group = root
-priority_boost = 4
-flush = INCREMENTAL
-freq = 20
+log_format = RAW
+flush = INCREMENTAL_ASYNC
+freq = 50
+max_log_file = 8
num_logs = 5
+priority_boost = 4
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
-max_log_file = 6
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
+use_libwrap = yes
##tcp_listen_port =
tcp_listen_queue = 5
tcp_max_per_addr = 1
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
+distribute_network = no
projects / config / helga / etc.git / commitdiff