Linux command
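auditd command
Security
This command requires elevated privileges or has significant system impact; verify the target before running it.
Common examples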
Start
sudo auditd
Stop
sudo auditd -s stop
Rotate
sudo auditd -s rotate
Run in foreground
sudo auditd -f
Description
auditd is the Linux Audit daemon that collects audit events from the kernel and writes them to disk. It's part of the Linux Audit framework for tracking security-relevant events. The daemon logs file accesses, system calls, authentication events, and other activities based on configured rules.
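As an added example (not part of the original page or the audit project's code), the Python below parses records in the raw format auditd writes to its log and groups them into events by their shared `timestamp:serial` ID. The sample records, the rule key `passwd_watch`, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd's raw log format (not real log data).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=257 success=yes exit=3 pid=4242 auid=1000 uid=0 comm="cat" exe="/usr/bin/cat" key="passwd_watch"
type=CWD msg=audit(1700000000.123:456): cwd="/root"
type=PATH msg=audit(1700000000.123:456): item=0 name="/etc/passwd" inode=131 nametype=NORMAL
type=USER_AUTH msg=audit(1700000007.500:457): pid=4300 uid=0 auid=4294967295 msg='op=PAM:authentication acct="alice" exe="/usr/sbin/sshd" res=failed'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): ?(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records into events; records of one event share timestamp:serial."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or malformed lines
        rtype, event_id, body = m.groups()
        # USER_* records nest key=value pairs inside msg='...'; drop the quotes.
        body = body.replace("'", " ")
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events[event_id].append((rtype, fields))
    return dict(events)

def summarize(events):
    """One line per event: watched file access, or authentication result."""
    out = []
    for event_id, records in sorted(events.items()):
        by_type = {rtype: fields for rtype, fields in records}
        if "SYSCALL" in by_type:
            sc = by_type["SYSCALL"]
            paths = [f["name"] for t, f in records if t == "PATH" and "name" in f]
            out.append(f"{event_id} file exe={sc.get('exe')} paths={paths} key={sc.get('key')}")
        elif "USER_AUTH" in by_type:
            ua = by_type["USER_AUTH"]
            out.append(f"{event_id} auth acct={ua.get('acct')} res={ua.get('res')}")
    return out

if __name__ == "__main__":
    for line in summarize(parse_events(SAMPLE_LOG)):
        print(line)
```

On a live system, `ausearch` and `aureport` perform this correlation and also decode hex-encoded field values, which this example leaves as written.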
Options
- `-f`: Run in foreground (don't daemonize)
- `-l`: Allow only one copy running
- `-n`: Don't fork (for systemd compatibility)
- `-s` _action_: Send signal to daemon (stop, term, cont, rotate, resume)
FAQ
How do I run a basic auditd example?
Run `sudo auditd` in a terminal, then adjust file names, paths, flags, or remote targets for your system.