felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

report - Add Auditd information

Browse source
This commit is contained in:
Stoppedpuma 2024-06-07 21:31:17 +02:00 committed by Alex
parent 491cb28f2a
commit 1eaf24c965
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/report.md
View file

@ -16,6 +16,16 @@ If this command produce nothing, try:
aa-log -s -R aa-log -s -R
``` ```
If the log file is empty, check that Auditd is running:
```sh
sudo systemctl status auditd.service
```
If Auditd is disabled aa-log will not have new results, you can enable Auditd by doing the following command:
```sh
sudo systemctl enable auditd.service --now
```
You can get more logs with: You can get more logs with:
1. `aa-log -R -s` that will provide all apparmor logs since boot time (if journalctl collect them) 1. `aa-log -R -s` that will provide all apparmor logs since boot time (if journalctl collect them)