get_auditfail_action - Linux
Overview
get_auditfail_action retrieves the current audit failure action setting from the Linux kernel. This action determines the system’s response when an audit record fails to be written to disk.
Syntax
get_auditfail_action
Options/Flags
None.
Examples
Simple Example:
get_auditfail_action
Output:
never
This indicates that audit failure messages will not be written to disk.
Complex Example:
if get_auditfail_action | grep -q never; then
echo "Audit failure messages are not being logged to disk."
else
echo "Audit failure messages are being logged to disk."
fi
This script checks if audit failure messages are being logged to disk.
Common Issues
- Error message: "audit: get_auditfail_action: Permission denied": Ensure that you have root privileges to run this command.
Integration
get_auditfail_action can be combined with other commands to perform advanced tasks, such as:
get_auditfail_action | awk '{print $2}'
This command prints only the audit failure action setting.
Related Commands
- set_auditfail_action: Sets the audit failure action.
- auditctl: Configures and operates the audit system.