path: root/documentation/content/en/books/handbook/audit/_index.adoc
Diffstat (limited to 'documentation/content/en/books/handbook/audit/_index.adoc')
-rw-r--r-- documentation/content/en/books/handbook/audit/_index.adoc 10
1 files changed, 5 insertions, 5 deletions
diff --git a/documentation/content/en/books/handbook/audit/_index.adoc b/documentation/content/en/books/handbook/audit/_index.adoc
index de259728d9..0b6ae95166 100644
--- a/documentation/content/en/books/handbook/audit/_index.adoc
+++ b/documentation/content/en/books/handbook/audit/_index.adoc
@@ -93,7 +93,7 @@ auditd_enable="YES"
Then, start the audit daemon:
-[source,bash]
+[source,shell]
....
# service auditd start
....
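Review bot: style point on the `[source,bash]` to `[source,shell]` change in this hunk: the listing block that follows is a root-prompt transcript (`# service auditd start`), not a bash script, so `shell` is the better-matching language tag, and it is the same tag used in the other four hunks of this patch, so the file becomes consistent. No further change needed here.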
@@ -307,7 +307,7 @@ Since audit trails are stored in the BSM binary format, several built-in tools a
For example, to dump the entire contents of a specified audit log in plain text:
-[source,bash]
+[source,shell]
....
# praudit /var/audit/AUDITFILE
....
@@ -333,7 +333,7 @@ XML output format is also supported and can be selected by including `-x`.
Since audit logs may be very large, a subset of records can be selected using `auditreduce`. This example selects all audit records produced for the user `trhodes` stored in [.filename]#AUDITFILE#:
-[source,bash]
+[source,shell]
....
# auditreduce -u trhodes /var/audit/AUDITFILE | praudit
....
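Review bot: documentation point, no change required in this hunk: the `auditreduce -u trhodes /var/audit/AUDITFILE | praudit` listing keeps the same `AUDITFILE` placeholder path as the plain `praudit` example in the previous hunk, and the prose line above already explains that `-u trhodes` selects the records produced for that user, so the tag change to `[source,shell]` is the only edit needed and it matches the other hunks.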
@@ -344,7 +344,7 @@ Members of the `audit` group have permission to read audit trails in [.filename]
Audit pipes are cloning pseudo-devices which allow applications to tap the live audit record stream. This is primarily of interest to authors of intrusion detection and system monitoring applications. However, the audit pipe device is a convenient way for the administrator to allow live monitoring without running into problems with audit trail file ownership or log rotation interrupting the event stream. To track the live audit event stream:
-[source,bash]
+[source,shell]
....
# praudit /dev/auditpipe
....
@@ -368,7 +368,7 @@ It is easy to produce audit event feedback cycles, in which the viewing of each
Audit trails are written to by the kernel and managed by the audit daemon, man:auditd[8]. Administrators should not attempt to use man:newsyslog.conf[5] or other tools to directly rotate audit logs. Instead, `audit` should be used to shut down auditing, reconfigure the audit system, and perform log rotation. The following command causes the audit daemon to create a new audit log and signal the kernel to switch to using the new log. The old log will be terminated and renamed, at which point it may then be manipulated by the administrator:
-[source,bash]
+[source,shell]
....
# audit -n
....
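Review bot: consistency point: this is the fifth and last `[source,bash]` to `[source,shell]` conversion in the file, and the diffstat (5 insertions, 5 deletions) indicates the patch touches nothing else, so the listing tags in this chapter are now uniform. The `# audit -n` listing agrees with the prose directly above it, which describes `audit` creating a new log and signalling the kernel to switch to it; no wording change is needed to accompany the tag change.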