An XCCDF Group - A logical subset of the XCCDF Benchmark
/var/log/audit/audit.log
auditd
/var/log/audit
/var
remote_server
/etc/audit/audisp-remote.conf
remote_server =
$ sudo grep log_file /etc/audit/auditd.conf log_file = /var/log/audit/audit.log
$ sudo df -h /var/log/audit/ /dev/sda2 24G 10.4G 13.6G 43% /var/log/audit
disk_full_action = ACTION
single
syslog
halt
enable_krb5
enable_krb5 = yes
network_failure_action = ACTION
/etc/audit/auditd.conf
exec
auditd.conf
action_mail_acct =
space_left_action = ACTION
email
suspend
space_left = PERCENTAGE%