Enable Auditing for Processes Which Start Prior to the Audit Daemon
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
To ensure all processes can be audited, even those which start
prior to the audit daemon, add the argument audit=1
to the default
GRUB 2 command line for the Linux operating system.
Configure the default Grub2 kernel command line to contain audit=1 as follows:
# grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit=1"
Rationale
Each process on the system carries an “auditable” flag which indicates whether
its activities can be audited. Although auditd
takes care of enabling
this for all processes which launch after it does, adding the kernel argument
ensures it is set for every process during boot.