-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdefault.yml
48 lines (48 loc) · 1020 Bytes
/
default.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
---
auditd_packages:
- audit
auditd_defaults:
action_mail_acct: root
admin_space_left: 50
admin_space_left_action: SUSPEND
disk_error_action: SUSPEND
disk_full_action: SUSPEND
dispatcher: /sbin/audispd
disp_qos: lossy
enable_krb5: False
flush: INCREMENTAL
freq: 20
# krb5_key_file: /etc/audit/audit.key
krb5_principal: auditd
log_file: /var/log/audit/audit.log
log_format: RAW
log_group: root
max_log_file: 6
max_log_file_action: ROTATE
# name: mydomain
name_format: NONE
num_logs: 5
priority_boost: 4
space_left: 75
space_left_action: SYSLOG
tcp_client_max_idle: 0
# tcp_client_ports: 1024-65535
# tcp_listen_port: 60
tcp_listen_queue: 5
tcp_max_per_addr: 1
use_libwrap: True
audispd_defaults:
max_restarts: 10
name_format: HOSTNAME
overflow_action: SYSLOG
priority_boost: 4
q_depth: 150
syslog_defaults:
active: no
args: LOG_INFO
direction: out
format: string
path: builtin_syslog
type: builtin
auditd_os_supported: yes
audisp_not_plugin: yes