How To Install auditd on Debian 9

In this tutorial we learn how to install auditd on Debian 9. auditd is User space tools for security auditing

Introduction

In this tutorial we learn how to install auditd on Debian 9.

What is auditd

auditd is:

The audit package contains the user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.

Also contains the audit dispatcher “audisp”.

There are three methods to install auditd on Debian 9. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.

Install auditd Using apt-get

Update apt database with apt-get using the following command.

sudo apt-get update

After updating apt database, We can install auditd using apt-get by running the following command:

sudo apt-get -y install auditd

Install auditd Using apt

Update apt database with apt using the following command.

sudo apt update

After updating apt database, We can install auditd using apt by running the following command:

sudo apt -y install auditd

Install auditd Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude using the following command.

sudo aptitude update

After updating apt database, We can install auditd using aptitude by running the following command:

sudo aptitude -y install auditd

How To Uninstall auditd on Debian 9

To uninstall only the auditd package we can use the following command:

sudo apt-get remove auditd

Uninstall auditd And Its Dependencies

To uninstall auditd and its dependencies that are no longer needed by Debian 9, we can use the command below:

sudo apt-get -y autoremove auditd

Remove auditd Configurations and Data

To remove auditd configuration and data from Debian 9 we can use the following command:

sudo apt-get -y purge auditd

Remove auditd configuration, data, and all of its dependencies

We can use the following command to remove auditd configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge auditd

Dependencies

auditd have the following dependencies:

References

Summary

In this tutorial we learn how to install auditd package on Debian 9 using different package management tools: apt, apt-get and aptitude.