Configuring Audit Settings on Red Hat

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

In this lab, we will take a look at setting up auditing services on a Red Hat host. We will configure low space email alerting, limit logging space used, and limit the number of audit buffers. The overall goal of this lab is to control the amount of space our audit logs are using and to use email alerting in order to prevent a partition from filling up.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure the auditd service to start automatically at boot
  1. Run the following command to ensure auditd starts automatically at boot:

    systemctl enable auditd

Set up low disk space email alerts
  1. Edit the /etc/audit/auditd.conf file and set:
    • space_left = 100
    • space_left_action = email
Restrict the disk space used by the audit logs
  1. Edit the /etc/audit/auditd.conf file and set the max_log_file and num_logs values so that their product equals 300 MB.
    • Example:
      • max_log_file could be set to "30" and num_logs could be set to "10".
  2. Save and exit the file.
Limit the number of audit buffers used by the system
  1. Edit the file /etc/audit/rules.d/audit.rules and change the line showing -b 8192 to -b 5120.
  2. Lastly, restart the auditd service:

    service auditd restart
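
To confirm the result of the steps above, the following added example (not part of the lab's own material) checks an auditd.conf and a rules file against the four settings. The function names and the sample files are constructed for illustration; on a real host, pass /etc/audit/auditd.conf and /etc/audit/rules.d/audit.rules instead.

```shell
#!/bin/sh
# Added example (not from the lab): verify the four settings the lab configures.

# Print the value of "key = value" from an auditd.conf-style file.
# Comment lines are skipped; key matching is case-insensitive.
conf_get() {
    awk -F= -v k="$1" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t\r]/, "", key) }
        tolower(key) == tolower(k) { val = $2; gsub(/[ \t\r]/, "", val) }
        END { print val }' "$2"
}

# Succeed if the argument is a non-negative integer.
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# $1 = auditd.conf, $2 = rules file. Returns 0 only if every requirement
# from the lab is met; each failure is reported on stderr.
check_audit_config() {
    rc=0
    space_left=$(conf_get space_left "$1")
    action=$(conf_get space_left_action "$1" | tr 'A-Z' 'a-z')
    max_log=$(conf_get max_log_file "$1")
    num_logs=$(conf_get num_logs "$1")
    # The last "-b N" line in the rules file sets the buffer count.
    buffers=$(awk '$1 == "-b" { b = $2 } END { print b }' "$2")

    [ "$space_left" = 100 ] || { echo "space_left='$space_left', want 100" >&2; rc=1; }
    [ "$action" = email ] || { echo "space_left_action='$action', want email" >&2; rc=1; }
    if is_num "$max_log" && is_num "$num_logs"; then
        [ $((max_log * num_logs)) -eq 300 ] ||
            { echo "max_log_file*num_logs=$((max_log * num_logs)) MB, want 300" >&2; rc=1; }
    else
        echo "max_log_file or num_logs missing or not numeric" >&2; rc=1
    fi
    [ "$buffers" = 5120 ] || { echo "-b '$buffers', want 5120" >&2; rc=1; }
    return "$rc"
}

# Constructed sample files using the lab's example values (30 x 10).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'space_left = 100' 'space_left_action = email' \
    'max_log_file = 30' 'num_logs = 10' > "$demo_dir/auditd.conf"
printf '%s\n' '-D' '-b 5120' '-f 1' > "$demo_dir/audit.rules"
check_audit_config "$demo_dir/auditd.conf" "$demo_dir/audit.rules" && echo "all checks passed"
rm -rf "$demo_dir"
```

Note that num_logs only limits the number of retained files when max_log_file_action is set to rotate, so check that value as well if the 300 MB cap matters.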

Additional Resources

In an effort to increase your organization's security posture, you've been asked to implement auditing on a Red Hat host as a test. You'll need to configure auditd settings to meet the following requirements:

  • The auditd service must start automatically at boot.
  • Set up low disk space alerts to email root when there is 100 MB of free space left on the disk.
  • Restrict the disk space used by the audit logs to 300 MB.
  • Limit the number of audit buffers used by the system to 5120.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
