Capture System Time Changes
I am using both the NISPOM and STIG rules for my audit.rules file. As
root, if I perform a system time change, it does not capture this
information in either /var/log/secure or var/log/audit/audit.log. How
can I capture when someone changes the time or attempts to change the
time?
Attachments:
- attachment.html (text/html — 1.7 KB)