0
I'm running AuditD on Centos 6.5.
Is there a way to audit server reboots - who and when a server is rebooted? So if I login and run:
sudo reboot
I should see a log entry in /var/log/audit/audit.log with something like this:
type=CMD msg=audit(1484758210.821:630): user pid=2361 uid=101 auid=101 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 exe="/sbin/reboot"