Merge pull request #29 from Samson-W/master

Fix a bug and update how_to_deploy_audisp_remote_for_audit_log.mkd
Samson.W 2021-07-16 01:02:21 +08:00 committed by GitHub
commit 8995b0c9db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions


@ -45,11 +45,17 @@ etc/audisp/audisp-remote.conf is inconsistent with the MAN document
queue_error_action. queue_error_action.
``` ```
If not record logs on local filesystem, Modify /etc/audit/auditd.conf: If not record logs on local filesystem, Modify /etc/audit/auditd.conf:
``` ```
write_logs = no write_logs = no
``` ```
Set name_format of /etc/audisp/audispd.conf to NUMERIC, in audit.log, the node will record the IP address:
```
name_format = NUMERIC
```
** Note: The IP address may be 127.0.1.1, please modify it in /etc/hosts. You can use hostname -i to check whether it is the correct address. **
### Restart service ### Restart service
Restart auditd service: Restart auditd service:
``` ```
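Review bot: The added note under the name_format block tells the reader to "modify it in /etc/hosts" when the address is 127.0.1.1, but does not say which entry to change or to what. State that the line for the machine's hostname in /etc/hosts should map to the address the node is meant to be recorded as, and that `hostname -i` should print that address before the restart step that follows. With the node left at 127.0.1.1, the node field in audit.log does not identify the sending host. Two smaller points on the same lines: `** Note: ... **` has spaces inside the asterisks, so Markdown will not render it as bold, and the introducing sentence is a comma splice; consider "Set name_format in /etc/audisp/audispd.conf to NUMERIC. The node field in audit.log will then record the IP address."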


@ -459,7 +459,7 @@ is_kernel_option_enabled() {
is_a_partition() { is_a_partition() {
local PARTITION=$1 local PARTITION=$1
FNRET=128 FNRET=128
if $(grep "[[:space:]]*${PARTITION}[[:space:]]*" /etc/fstab | grep -vqE "^#"); then if $(grep "[[:space:]]*${PARTITION}[[:space:]].*" /etc/fstab | grep -vqE "^#"); then
debug "$PARTITION found in fstab" debug "$PARTITION found in fstab"
FNRET=0 FNRET=0
else else
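Review bot: In the changed grep of is_a_partition, the leading `[[:space:]]*` still matches zero characters, so `${PARTITION}` can match as the tail of a longer mount point (for example /var at the end of a constructed entry /srv/var), even though the new trailing `[[:space:]]` now stops prefix matches. Require whitespace on both sides, e.g. `[[:space:]]${PARTITION}[[:space:]]`; the trailing `.*` adds nothing to a match test and can be dropped. `${PARTITION}` is also interpolated into the pattern unescaped, so any regex metacharacters in the argument are interpreted. Separately, the `$( )` wrapper around the pipeline is unnecessary: `if grep ... /etc/fstab | grep -vqE "^#"; then` tests the exit status directly.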