General
cancel
Showing results for 
Search instead for 
Did you mean: 

How do you turn on auditing?

SOLVED
Go to solution
Richard Munn
Frequent Advisor

How do you turn on auditing?

I am running RHEL3 kernel 2.4.21-15 and I want to turning auditing on. Have installed laus but if I try to start auditd with /etc/init.d/audit all I get is (kernel audit support unavailable).

The problem is I can't find anything anywhere which talks about putting audit support in the kernel. So how is it done???
4 REPLIES
Vitaly Karasik_1
Honored Contributor

Re: How do you turn on auditing?

see Release Notes http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/release-notes/as-x86/RELEASE-NOTES-U3-x86-en.html

As far as I understand, "audit" kernel module should run; your can tune audit system by playing with /proc/sys/dev/audit settings.

Rgds,
Vitaly
Chris Xu
Trusted Contributor
Solution

Re: How do you turn on auditing?

At your current system, type "lsmod |grep audit" to verify if audit is available. If not, you need to upgrade to RHEL 3.3, which has a newer kernel 2.4.21-20. That version has the audit support built in the kernel. I have a few 3.3 systems with audit running.

Chris
HGN
Honored Contributor

Re: How do you turn on auditing?

Hi

This is available with later kernel 2.4.21.34 has this on our servers.

Rgds

HGN
Richard Munn
Frequent Advisor

Re: How do you turn on auditing?

An upgrade to 2.4.21-20 seems to have done the trick. Thanks!