Anyone,
Does anyone know where I can find documentation on how to configure auditd?
Any help would be appreciated, I need auditd to log the following events:
1) Failed attempts to access files and programs.
2) Users attempts to deleted files and programs.
3) All administrative actions.
4) All security actions.
5) Successful and unsuccessful use of privileged commands.
6) Application and session initiation.
7) All uses of the chown command.
I know these sound kind of vage, but if anyone if familiar with DISA
they should know what I am talking about. Initially we were using LaUS
under RHEL3, but with RHEL4, we are dead in the water.
Again any help would be really appreciated, Javier Godinez