Thanks Steve,
So what syscalls are currently supported under auditd version 6.5, which
is what I am using under RHEL4? I had to upgrade some RPMS.
Does anyone know if this is correct? I need to log all uses of the
chown command:
In the /etc/audit.rules I have
-a entry,always -S lchown
-a entry,always -S fchown
-a entry,always -S chown
-a entry,always -S lchown32
-a entry,always -S fchown32
-a entry,always -S chown32
But this does not seem to be working. Is chown not implemented yet?
Thanks a lot, Javier Godinez
On 5/2/05, Steve Grubb <sgrubb(a)redhat.com> wrote:
On Monday 02 May 2005 15:47, Javier Godinez wrote:
> Does anyone know where I can find documentation on how to configure auditd?
The only documentation that exists right now is in the auditd package. Try
using the auditd.conf & auditctl man pages.
> Any help would be appreciated, I need auditd to log the following events:
If you have a kernel with the right patches most of these should work. We are
still looking at the filesystem auditing pieces.
> they should know what I am talking about. Initially we were using LaUS
> under RHEL3, but with RHEL4, we are dead in the water.
The audit system for RHEL4 is not delivered yet. It takes both kernel patches
and patches to several user space packages. It's all being worked on.
-Steve Grubb