An XCCDF Group - A logical subset of the XCCDF Benchmark
/var/log/audit/audit.log
auditd
/var/log/audit
/var
remote_server
/etc/audisp/audisp-remote.conf
remote_server =
disk_full_action = ACTION
single
syslog
halt
enable_krb5
enable_krb5 = yes
network_failure_action = ACTION
audisp-remote
audispd
active
/etc/audisp/plugins.d/au-remote.conf
yes
$ sudo service auditd restart
direction
out
path
/sbin/audisp-remote
type
always
/etc/audisp/plugins.d/syslog.conf
/etc/audit/auditd.conf
disk_error_action = ACTION
exec
auditd.conf
action_mail_acct =
admin_space_left_action = ACTION
suspend
flush =
max_log_file = STOREMB
6
max_log_file_action = ACTION
ignore
rotate
keep_logs
ACTION
num_logs = NUMLOGS
space_left = SIZE_in_MB
space_left_action = ACTION
email
space_left = PERCENTAGE%
freq
local_events
log_format
ENRICHED
name_format
/etc/audisp/audispd.conf
overflow_action
write_logs