Audit all commands

-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve

Send audit events to syslog
sed -i 's/active = no/active = yes/g' /etc/audisp/plugins.d/syslog.conf
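An added example, not part of the original post: a small POSIX shell helper that writes the two execve rules above into an audit rules file without duplicating them on repeated runs, and sets the audisp syslog plugin to active. File paths are parameters; the default rules path /etc/audit/rules.d/execve.rules is an assumption, and the functions are written so they can be exercised on scratch files.

```shell
#!/bin/sh
# Added example: persist the execve audit rules and enable syslog forwarding.
# Paths are parameters so the logic can be exercised on scratch copies.

# Append a rule line to the rules file only if it is not already present.
ensure_rule() {
    rules_file="$1"; rule="$2"
    touch "$rules_file"
    if grep -Fxq -- "$rule" "$rules_file"; then
        return 0          # already present, keep the file unchanged
    fi
    printf '%s\n' "$rule" >> "$rules_file"
}

# Count execve rules in the file; two are expected (one per ABI, b64 and b32).
count_execve_rules() {
    if [ -f "$1" ]; then
        grep -c -- '-S execve' "$1" || true
    else
        echo 0
    fi
}

# Turn "active = no" into "active = yes" in the audisp plugin config.
# A temp file plus mv is used instead of sed -i for portability.
enable_syslog_plugin() {
    conf="$1"
    sed 's/^active[[:space:]]*=[[:space:]]*no[[:space:]]*$/active = yes/' "$conf" \
        > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Return success if the plugin config now has the plugin switched on.
plugin_active() {
    grep -q '^active[[:space:]]*=[[:space:]]*yes' "$1"
}

# Install both rules and enable the plugin. Defaults are assumed paths.
install_execve_audit() {
    rules_file="${1:-/etc/audit/rules.d/execve.rules}"
    plugin_conf="${2:-/etc/audisp/plugins.d/syslog.conf}"
    ensure_rule "$rules_file" "-a exit,always -F arch=b64 -S execve"
    ensure_rule "$rules_file" "-a exit,always -F arch=b32 -S execve"
    enable_syslog_plugin "$plugin_conf"
}

# On a real host (as root): sh this_script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    install_execve_audit
fi
```

After applying on a live host, load the rules with `augenrules --load` (or restart auditd) and restart auditd so the plugin change takes effect; note that audit 3.x keeps plugin configs under /etc/audit/plugins.d/ rather than /etc/audisp/plugins.d/. Auditing every execve on both ABIs is high-volume, so size the syslog destination accordingly.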

Tags: Linux