audit_log_user_command - Linux
Overview
audit_log_user_command is a powerful Linux command used to configure and manage user command audit logging within the Linux Audit Framework. It allows administrators to specify which user commands should be subject to auditing and the specific details to be recorded.
Syntax
audit_log_user_command [--list] [--add <command>] [--delete <command>] [--all] [--profile <profile>]
Options/Flags
--list
: Lists all user command audit rules currently configured.
--add <command>
: Adds a new user command audit rule for the specified command.
--delete <command>
: Deletes the user command audit rule for the specified command.
--all
: Adds or removes audit rules for all user commands.
--profile <profile>
: Uses the specified SELinux profile to determine which commands should be audited.
Examples
List User Command Audit Rules
audit_log_user_command --list
Add User Command Audit Rule
audit_log_user_command --add ls -a -l
Delete User Command Audit Rule
audit_log_user_command --delete ls
Add Rules for All Commands Using a Profile
audit_log_user_command --all --profile base
Common Issues
- Error: Command not found: Ensure that the specified command exists on the system.
- Permission denied: Verify that the user running the command has sufficient permissions to configure audit settings.
Integration
audit_log_user_command can be integrated with other commands and tools for advanced audit tasks:
- Use with auditctl to view and modify audit settings.
- Combine with auditd to start, stop, and manage the audit daemon.
- Integrate into scripts or command chains to automate audit configuration management.
Related Commands
- auditctl: Manage audit controls and settings.
- auditd: Audit daemon responsible for enforcing audit policies.