AUDITD(8) AUDITD(8) auditd - auditd [-f] [-l] [-n] [-s disable|enable|nochange] [-c <_>] auditd . . ausearch aureport. auditctl. /etc/audit/audit.rules auditctl . augenrules /etc/audit/rules.d/ audit.rules. . auditd.conf. -f . stderr . -l . -n . inittab systemd. -s=_ auditd . ENABLE_STATE "disable" () "enable" () "nochange" ( ). ( auditd). auditd 'auditctl -e'. -c . . (: /etc/audit/) SIGHUP auditd. auditd . . DAEMON_CONFIG . space_left_action admin_space_left_action disk_full_action disk_error_action auditd.conf. SIGTERM auditd . SIGUSR1 auditd . max_log_file_action . SIGUSR2 auditd . . . SIGCONT auditd /run/audit/auditd.state. 1 pid pid . 2 4 6 /etc/audit/auditd.conf - /etc/audit/audit.rules - /etc/audit/rules.d/ - augenrules. /etc/audit/plugins.d/ - . /etc/audit/audit-stop.rules - . /run/audit/auditd.state - . audit=1 . . audisp-remote. tcp_wrappers . hosts.allow hosts.deny. auditd.conf(5) auditd-plugins(5) ausearch(8) aureport(8) auditctl(8) augenrules(8) audit.rules(7). Steve Grubb 3 . . : . 2021 AUDITD(8)