How To Install audispd-plugins on CentOS 8

audispd-plugins is Plugins for the audit event dispatcher

Introduction

In this tutorial we learn how to install audispd-plugins on CentOS 8.

What is `audispd-plugins`

The audispd-plugins package provides plugins for the real-time interface to the audit system, audispd. These plugins can do things like relay events to remote machines.

We can use yum or dnf to install audispd-plugins on CentOS 8. In this tutorial we discuss both methods but you only need to choose one of method to install audispd-plugins.

Install audispd-plugins on CentOS 8 Using dnf

Update yum database with dnf using the following command.

sudo dnf makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating yum database, We can install audispd-plugins using dnf by running the following command:

sudo dnf -y install audispd-plugins

Install audispd-plugins on CentOS 8 Using yum

Update yum database with yum using the following command.

sudo yum makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating yum database, We can install audispd-plugins using yum by running the following command:

sudo yum -y install audispd-plugins

How To Uninstall audispd-plugins on CentOS 8

To uninstall only the audispd-plugins package we can use the following command:

sudo dnf remove audispd-plugins

audispd-plugins Package Contents on CentOS 8

/etc/audit/audisp-remote.conf
/etc/audit/plugins.d/au-remote.conf
/etc/audit/plugins.d/syslog.conf
/sbin/audisp-remote
/sbin/audisp-syslog
/usr/lib/.build-id
/usr/lib/.build-id/cc
/usr/lib/.build-id/cc/cd7067494db15fb313b9424adb34ab37c183a3
/usr/lib/.build-id/f0
/usr/lib/.build-id/f0/d3e55de7a0335659a2632aff851f17e63b1d7d
/usr/share/man/man5/audisp-remote.conf.5.gz
/usr/share/man/man8/audisp-remote.8.gz
/usr/share/man/man8/audisp-syslog.8.gz
/var/spool/audit

References

audispd-plugins website

Summary

In this tutorial we learn how to install audispd-plugins on CentOS 8 using yum and dnf.