9.2 Configuring a Linux Auditing Subsystem

Auditing subsystems on SUSE, RHEL, and RHEL variants are very similar. There are some differences in configuration based on operating system and on architecture.

NOTE: For RHEL and SUSE platforms, configure the audit daemon in the /etc/audit/auditd.conf file.

Perform the following steps to configure auditing on a Linux computer:

  1. (Conditional) For RHEL, run the following command to ensure that the auditd service is enabled:

    # chkconfig auditd on

  2. (Conditional) For SUSE, perform the following steps:

    1. Check whether the audit process is running by entering the command:

      # ps -ef | grep -i audit

      If the command output shows that the audit process is running in disabled mode, start it in enabled mode by entering the command:

      # /sbin/auditd -s enable

    2. Run the following command and ensure that the PID in its output matches the PID of the auditd process shown in the previous step:

      # auditctl -e 1
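
As an added example (not from this documentation), the following POSIX shell script performs the check described in the SUSE steps above against captured `ps -ef` and audit status output, so that the two PIDs are compared mechanically rather than by eye; the sample output used to exercise it is constructed, and the live variant reads status with `auditctl -s` because that reports the enabled flag without changing it.

```shell
#!/bin/sh
# Added example, not part of the Change Guardian documentation: verifies that
# auditd is running and that the kernel's audit status reports "enabled" with
# the same PID. Parses captured command output, so it works on sample text
# (constructed in the test) or on the live system via check_live_audit.

# Print the PID of auditd from `ps -ef` text on stdin (skips the grep line).
auditd_pid_from_ps() {
    while read -r _uid pid _ppid _c _stime _tty _time cmd _rest; do
        case "$cmd" in
            */auditd|auditd) printf '%s\n' "$pid"; return 0 ;;
        esac
    done
    return 1
}

# Print one field from auditctl status text on stdin. Accepts both the older
# one-line "AUDIT_STATUS: enabled=1 ... pid=N" form and the newer
# "enabled 1" / "pid N" one-field-per-line form.
audit_status_field() {    # $1 = field name, e.g. enabled or pid
    field=$1
    while read -r line; do
        set -- $line                       # split the line into words
        while [ $# -gt 0 ]; do
            case "$1" in
                "$field="*) printf '%s\n' "${1#*=}"; return 0 ;;
                "$field")   [ $# -gt 1 ] && { printf '%s\n' "$2"; return 0; } ;;
            esac
            shift
        done
    done
    return 1
}

# Succeed only when auditd is running, auditing is enabled, and the PID the
# kernel reports matches the auditd process. $1 = ps -ef text, $2 = status text.
check_audit_enabled() {
    ps_pid=$(printf '%s\n' "$1" | auditd_pid_from_ps) || return 1
    enabled=$(printf '%s\n' "$2" | audit_status_field enabled) || return 1
    st_pid=$(printf '%s\n' "$2" | audit_status_field pid) || return 1
    [ "$enabled" = "1" ] && [ "$ps_pid" = "$st_pid" ]
}

# Live variant for a root shell: `auditctl -s` reports status without
# changing the enabled flag, unlike `auditctl -e 1`.
check_live_audit() {
    check_audit_enabled "$(ps -ef)" "$(auditctl -s 2>/dev/null)"
}
```

Run `check_live_audit && echo ok` as root on the SUSE host; a non-zero exit means auditd is not running, auditing is disabled, or the kernel is registered to a different daemon PID.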

NOTE: After you upgrade Security Agent for UNIX from version 7.4 to version 7.5, remove from the /etc/audit/audit.rules file any system calls that were added for Security Agent for UNIX 7.4.

For agents that are running on Linux platforms, additional audit configuration is performed dynamically as Change Guardian policies are enabled and disabled.