A daemon that monitors the system; it records logs according to the configured rules.
Log files generated by audit can be reviewed by generating a report with aureport.
Entries 1 and 2 are logs of SSH connection attempts made for testing, and entry 3 is a log of a connection attempt made by a third party.
# aureport --help
usage: aureport [options]
-a,--avc Avc report
-au,--auth Authentication report
-c,--config Config change report
-cr,--crypto Crypto report
-e,--event Event report
-f,--file File name report
--failed only failed events in report
-h,--host Remote Host name report
--help help
-i,--interpret Interpretive mode
-if,--input <Input File name> use this file as input
--input-logs Use the logs even if stdin is a pipe
-l,--login Login report
-k,--key Key report
-m,--mods Modification to accounts report
-ma,--mac Mandatory Access Control (MAC) report
--node <node name> Only events from a specific node
-n,--anomaly aNomaly report
-p,--pid Pid report
-r,--response Response to anomaly report
-s,--syscall Syscall report
--success only success events in report
--summary sorted totals for main object in report
-t,--log Log time range report
-te,--end [end date] [end time] ending date & time for reports
-tm,--terminal TerMinal name report
-ts,--start [start date] [start time] starting data & time for reports
--tty Report about tty keystrokes
-u,--user User name report
-v,--version Version
-x,--executable eXecutable name report
If no report is given, the summary report will be displayed
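
To show what sits underneath an authentication report such as `aureport --auth --failed`, the following added example (not part of the original page) counts failed sshd `USER_AUTH` records per remote address directly from raw audit records. The function names and the sample records are constructed for illustration; the addresses come from documentation ranges.

```bash
#!/usr/bin/env bash
# Constructed sample audit records: one failed and one successful test login,
# three failed attempts from another address, and one failure that is not SSH.
sample_audit_log() {
cat <<'EOF'
type=USER_AUTH msg=audit(1700000001.101:501): pid=2101 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="admin" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000009.332:502): pid=2101 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="admin" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
type=USER_AUTH msg=audit(1700000120.004:510): pid=2150 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.77 addr=203.0.113.77 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000123.718:511): pid=2150 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.77 addr=203.0.113.77 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000127.250:512): pid=2150 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.77 addr=203.0.113.77 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000200.900:520): pid=2300 uid=1000 auid=1000 ses=3 msg='op=PAM:authentication acct="admin" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed'
EOF
}

# Print "count addr acct" for failed sshd authentications, highest count first.
# Reads audit records from the files given as arguments, or from stdin.
# Assumes account names without spaces, since fields are split on whitespace.
failed_ssh_auth() {
  awk '
    $1 == "type=USER_AUTH" && /exe="[^"]*sshd"/ && /res=failed/ {
      addr = "?"; acct = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^addr=/) addr = substr($i, 6)
        if ($i ~ /^acct=/) { acct = substr($i, 6); gsub(/"/, "", acct) }
      }
      n[addr " " acct]++
    }
    END { for (k in n) print n[k], k }
  ' "$@" | sort -k1,1nr -k2,2
}

# Run against the constructed sample.
sample_audit_log | failed_ssh_auth
```

On a host running auditd, the same function can be pointed at the audit log file instead of the sample.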