Introduction
In this tutorial we learn how to install audispd-plugins
on CentOS 8.
What is audispd-plugins
The audispd-plugins package provides plugins for the real-time interface to the audit system, audispd. These plugins can do things like relay events to remote machines.
We can use yum
or dnf
to install audispd-plugins
on CentOS 8. In this tutorial we discuss both methods but you only need to choose one of method to install audispd-plugins.
Install audispd-plugins on CentOS 8 Using dnf
Update yum database with dnf
using the following command.
sudo dnf makecache --refresh
The output should look something like this:
CentOS Linux 8 - AppStream 43 kB/s | 4.3 kB 00:00
CentOS Linux 8 - BaseOS 65 kB/s | 3.9 kB 00:00
CentOS Linux 8 - ContinuousRelease 43 kB/s | 3.0 kB 00:00
CentOS Linux 8 - Extras 23 kB/s | 1.5 kB 00:00
CentOS Linux 8 - FastTrack 40 kB/s | 3.0 kB 00:00
CentOS Linux 8 - HighAvailability 36 kB/s | 3.9 kB 00:00
CentOS Linux 8 - Plus 24 kB/s | 1.5 kB 00:00
CentOS Linux 8 - PowerTools 50 kB/s | 4.3 kB 00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 13 kB/s | 9.2 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 24 kB/s | 8.5 kB 00:00
Metadata cache created.
After updating yum database, We can install audispd-plugins
using dnf
by running the following command:
sudo dnf -y install audispd-plugins
Install audispd-plugins on CentOS 8 Using yum
Update yum database with yum
using the following command.
sudo yum makecache --refresh
The output should look something like this:
CentOS Linux 8 - AppStream 43 kB/s | 4.3 kB 00:00
CentOS Linux 8 - BaseOS 65 kB/s | 3.9 kB 00:00
CentOS Linux 8 - ContinuousRelease 43 kB/s | 3.0 kB 00:00
CentOS Linux 8 - Extras 23 kB/s | 1.5 kB 00:00
CentOS Linux 8 - FastTrack 40 kB/s | 3.0 kB 00:00
CentOS Linux 8 - HighAvailability 36 kB/s | 3.9 kB 00:00
CentOS Linux 8 - Plus 24 kB/s | 1.5 kB 00:00
CentOS Linux 8 - PowerTools 50 kB/s | 4.3 kB 00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 13 kB/s | 9.2 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 24 kB/s | 8.5 kB 00:00
Metadata cache created.
After updating yum database, We can install audispd-plugins
using yum
by running the following command:
sudo yum -y install audispd-plugins
How To Uninstall audispd-plugins on CentOS 8
To uninstall only the audispd-plugins
package we can use the following command:
sudo dnf remove audispd-plugins
audispd-plugins Package Contents on CentOS 8
/etc/audit/audisp-remote.conf
/etc/audit/plugins.d/au-remote.conf
/etc/audit/plugins.d/syslog.conf
/sbin/audisp-remote
/sbin/audisp-syslog
/usr/lib/.build-id
/usr/lib/.build-id/cc
/usr/lib/.build-id/cc/cd7067494db15fb313b9424adb34ab37c183a3
/usr/lib/.build-id/f0
/usr/lib/.build-id/f0/d3e55de7a0335659a2632aff851f17e63b1d7d
/usr/share/man/man5/audisp-remote.conf.5.gz
/usr/share/man/man8/audisp-remote.8.gz
/usr/share/man/man8/audisp-syslog.8.gz
/var/spool/audit
References
Summary
In this tutorial we learn how to install audispd-plugins
on CentOS 8 using yum and dnf.