Open-AudIT
https://www.open-audit.org/phpBB3/

schedule audits with systemd & RHEL 7
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6417
Page 1 of 1

Author:  shanimal [ Fri Mar 20, 2015 2:03 am ]
Post subject:  schedule audits with systemd & RHEL 7

Here is one way to schedule a daily audit in RedHat Enterprise Linux 7 using systemd

Copy the audit_linux.sh file to /usr/share

change the permissions so that the root user has full access:

chmod +rx /usr/share/audit_linux.sh
chown root /usr/share/audit_linux.sh
chgrp root /usr/share/audit_linux.sh


Create an OpenAudit Service file at the following location /usr/lib/systemd/system/OpenAudit.service

include the following three sections: Unit, Service & Install

[Unit]
Description=OpenAudit

[Service]
Type=simple
ExecStart=/usr/share/audit_linux.sh

[Install]
WantedBy=multi.user.target


Create an OA.timer file at the following location /usr/lib/systemd/system/OA.timer

include the following three sections: Unit, Timer & Install

[Unit]
Description=Daily audit

[Timer]
OnCalendar=*-*-* 10:50:01
Unit=OpenAudit.service

[Install]
WantedBy=multi.user.target


note this will audit daily at 10:50am. If you want to audit weekly try this line instead:

OnCalendar=weekly

This will audit every week at 00:00:00 on Monday

Now activate and set to always be running using the following two commands

systemctl enable OA.timer
systemctl start OA.timer


To check status:

systemctl status OA.timer

The instructions should be similar with any OS that has access to systemd

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/