System information
Option Description
should be prepended to the new audit security
database files.
v Optional. Specifies verbose output.
Table 5.1.
4. Return Values
When AuditVerify is used, one of the following codes is returned:
Return Value Description
0 Indicates that the signed audit log has been
successfully verified.
1 Indicates that there was an error while the tool
was running.
2 Indicates that one or more invalid signatures
were found in the specified file, meaning that
at least one of the log files could not be
verified.
Table 5.2.
5. Usage
After a separate audit database directory has been configured, do the following:
1. Create a text file containing a comma-separated list of the log files to be verified. The name
of this file is referenced in the AuditVerify command.
For example, this file could be logListFile in the /etc/audit directory. The contents are
the comma-separated list of audit logs to be verified, such as "auditlog.1213,
auditlog.1214, auditlog.1215."
2. If the audit databases do not contain prefixes and are located in the user home directory,
such as /usr/home/smith/.redhat, and the signing certificate nickname is
“auditsigningcert”, the AuditVerify command is run as follows:
AuditVerify -d /usr/home/smith/.redhat -n auditsigningcert -a
/etc/audit/logListFile -P "" -v
Return Values
19