Logging and Audit Settings and Descriptions

GPO Name Description
SELinux

SELinux implements mandatory access control through the Linux Security Modules (LSM) framework in the Linux kernel. The security architecture, which is based on the principle of least privilege, provides fine-grained control over which users and processes are allowed to access a system or execute commands on it.

SELinux can also protect processes from each other. For example, if a public web server also acts as a DNS server, SELinux can isolate the two processes so that a vulnerability in the web server process does not expose access to the DNS server.

SysLog

A syslog policy can help you manage, troubleshoot, and audit your systems. You can log different facilities, such as cron, daemon, and auth, and you can use priority levels and filters to collect messages.

The policy can import syslog, rsyslog, and syslog-ng configuration files. There are options to replace or append to the current configuration.

If Apply Policy is set to Always (the default), any changes to managed system files on the agent system are replaced the next time group policy is applied. If a managed system file is edited or removed, gpupdate recreates the file on policy refresh. If Apply Policy is set to Once, changes to managed system files on the agent system are replaced only when the policy is updated or gpagent is restarted.

Backups of existing system files are performed before initial policy application.
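
Because the SysLog policy can replace the current configuration, it is worth checking that an imported file still logs the facilities and priorities you audit on. The following is an added example, not part of the product or its documentation: it evaluates classic syslog selectors (`fac.pri`, `fac.=pri`, `fac.*`, `fac.none`) and reports facility/priority pairs that no rule would log. Assumptions: the sample files and the required list are constructed, "append" is modelled as plain concatenation, and `!` negation, priority aliases, and rsyslog or syslog-ng specific syntax are not handled.

```python
# Added example: which syslog rules select a given facility/priority.
# Handles the classic selector forms only: fac.pri, fac.=pri, fac.*, fac.none.
SEVERITY = {name: n for n, name in enumerate(
    ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"])}

def parse_rules(text):
    """Return [(selectors, action)] for every 'selector  action' line."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue  # blank line, comment, or a directive we do not model
        selectors = [(sel.rpartition(".")[0].split(","), sel.rpartition(".")[2])
                     for sel in parts[0].split(";")]
        rules.append((selectors, parts[1].strip()))
    return rules

def matches(selectors, facility, severity):
    """Apply selectors left to right, as sysklogd-style daemons do."""
    sev, hit = SEVERITY[severity], False
    for facs, pri in selectors:
        if "*" not in facs and facility not in facs:
            continue
        if pri == "none":
            hit = False                          # explicit exclusion
        elif pri == "*":
            hit = True
        elif pri.startswith("="):
            hit = hit or sev == SEVERITY[pri[1:]]
        else:
            hit = hit or sev <= SEVERITY[pri]    # this level and more severe
    return hit

def destinations(config, facility, severity):
    return [act for sels, act in parse_rules(config) if matches(sels, facility, severity)]

def coverage_gaps(config, required):
    """Facility/priority pairs that no rule in config would log."""
    return [pair for pair in required if not destinations(config, *pair)]

# Constructed sample data, not taken from any real system.
ON_AGENT = """authpriv.*                      /var/log/secure
*.info;authpriv.none;cron.none  /var/log/messages
cron.*                          /var/log/cron"""
IMPORTED = """*.info;authpriv.none            /var/log/messages
daemon.warning                  @loghost.example.com"""
REQUIRED = [("authpriv", "info"), ("cron", "info"), ("daemon", "warning")]

if __name__ == "__main__":
    print("replace:", coverage_gaps(IMPORTED, REQUIRED))
    print("append: ", coverage_gaps(ON_AGENT + "\n" + IMPORTED, REQUIRED))
```

In the constructed data, replacing the agent's file with the imported one leaves `authpriv` messages without a destination, while appending keeps them.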

LogRotate

To help you manage, troubleshoot, and archive your system's log files, you can create a group policy to configure and customize your log-rotation daemon.

For example, you can choose to use either a logrotate or logrotate.d file, specify the maximum size before rotation, compress old log files, and set an address for emailing log files and error messages. You can also enter commands to run before and after rotation.

If Apply Policy is set to Always (the default), any changes to managed system files on the agent system are replaced the next time group policy is applied. If a managed system file is edited or removed, gpupdate recreates the file on policy refresh. If Apply Policy is set to Once, changes to managed system files on the agent system are replaced only when the policy is updated or gpagent is restarted.

Backups of existing system files are performed before initial policy application.