Download
| Alert*
Ensure auditd backlog limit is set in grub config
Backlog limit represents the number of logs it will hold. Rationale: During boot if audit=1, then the backlog will hold specified number of records. If records more than are created during boot, auditd records will be lost and potential malicious activity could go undetected.
|