hello,
you can easily do an encrypted
/var/log/auditlog partition
and save the logs there
Am 26. November 2018 19:37:36 MEZ schrieb Richard Guy Briggs <rgb(a)redhat.com>:
On 2018-11-24 17:37, Ranran wrote:
> Hello,
>
> Is there a way to encrypt the auditd logs which are saved to disk?
> The system need to save logs from local into disk (not a remote
> connection), but it should be saved encryped. Is there a way to do
it?
The easy answer is that any system that is configured to use full disk
encryption (LUKS is the default one on many distros.) will give you
that
automatically.
You have not provided more detail to know if this is what you had in
mind or would be sufficient for your requirements. If you require the
daemon to write to encrypted log files, then you may be out of luck.
> ran
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit