Name | Modified | Size | Downloads / Week |
---|---|---|---|
audb.conf | 2015-08-02 | 213 Bytes | |
audb.conf.5.gz | 2015-08-02 | 1.1 kB | |
audisp-db-config.c | 2015-08-02 | 14.5 kB | |
audisp-db-config.h | 2015-08-02 | 2.1 kB | |
audisp-db.c | 2015-08-02 | 9.7 kB | |
audisp-db.conf | 2015-08-02 | 231 Bytes | |
audit_db.sql | 2015-08-02 | 36.4 kB | |
Makefile | 2015-08-02 | 456 Bytes | |
README | 2015-08-02 | 2.4 kB | |
Totals: 9 Items | | 67.1 kB | 0 |

This file contains the description of the audit database plugin, version 1.0.
====================================================================

The audit database plugin sends events to the database in real time. At present only the MySQL database is supported. In the future it can be extended to support multiple databases. A system administrator can configure this plugin to send events to a local server or to a remote database server. The database can also act as a centralized server: different auditing systems can send events to this centralized server, and it can uniquely distinguish every event and the system it came from.

INSTALL
====================================================================

1) You must have the MySQL database installed on your system.

2) Run the audit_db.sql file given in the package to create the tables in the database.

3) Moreover, the users must be given write permissions on the database.

4) Your MySQL server must start before the audit daemon during the boot process. If both are running on the same system, you can do this by changing the priority of these services. Otherwise you have to restart the audit daemon after system startup.

5) To install this db plugin, just type the "make" command or "make install".

6) To uninstall this plugin, type the "make clean" command.

7) To activate this plugin, go to the /etc/audisp/plugins.d/audisp-db.conf file and change the entry to "active=yes". For more information about the options present in this file, see the man page of "audispd".

8) To configure the connection to the database server, you have to fill in the entries in /etc/audisp/audb.conf. For more information about the options present in this file, see the man page of "audb".

SAMPLE EXAMPLE TO CONFIGURE DATABASE ON SINGLE SYSTEM
========================================================

a) You will need to create the initial database. Log into the root account like this:

    mysql -u root

b) Then create the database like this:

    CREATE database AUDIT;

c) Create a user to access this database:

    GRANT ALL PRIVILEGES ON AUDIT.* TO USERNAME@'localhost' IDENTIFIED BY 'passwd';

   Of course, do not use 'passwd' for your password.

d) Next you need to set up the tables. Exit the database shell. Run the following command:

    mysql -u USERNAME AUDIT -p < /usr/share/audit_db.sql

============================================================
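
A least-privilege variant of step c), as an added example that is not part of the plugin's README or package. It assumes the plugin only writes rows, as the INSTALL section's "write permissions" wording suggests. Whether INSERT alone is enough depends on the queries in audisp-db.c, which this page does not show. USERNAME, SENDER_HOST and the passwords are placeholders.

```sql
-- Added example; account names, host names and passwords are placeholders.
--
-- Load the schema once with an administrative account instead of the
-- plugin's own account, so the plugin never needs CREATE/ALTER/DROP:
--     mysql -u root -p AUDIT < /usr/share/audit_db.sql

-- Runtime account used by the plugin on the same host as the database.
-- (The GRANT ... IDENTIFIED BY form in the README was removed in
-- MySQL 8.0; CREATE USER followed by GRANT works on old and new servers.)
CREATE USER 'USERNAME'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- Assumption: the plugin only inserts events. If it logs a denied
-- SELECT or UPDATE, add exactly that privilege rather than ALL.
GRANT INSERT ON AUDIT.* TO 'USERNAME'@'localhost';

-- If the account was already created with ALL PRIVILEGES as in step c),
-- strip it back before re-granting:
--     REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'@'localhost';
--     GRANT INSERT ON AUDIT.* TO 'USERNAME'@'localhost';

-- Centralized-server case: one account per sending system, bound to that
-- system's host name and allowed to connect only over TLS, so audit
-- events and the password do not cross the network in clear text.
-- (REQUIRE SSL on CREATE USER needs MySQL 5.7 or later; older servers
-- take the clause on GRANT instead.)
CREATE USER 'USERNAME'@'SENDER_HOST' IDENTIFIED BY 'CHANGE_ME_TOO' REQUIRE SSL;
GRANT INSERT ON AUDIT.* TO 'USERNAME'@'SENDER_HOST';

-- Verify: each account should list USAGE plus INSERT on `AUDIT`.* only.
SHOW GRANTS FOR 'USERNAME'@'localhost';
SHOW GRANTS FOR 'USERNAME'@'SENDER_HOST';
```

An account that cannot UPDATE or DELETE also means a compromised audited host cannot rewrite or erase events already stored on the central server.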