How To Install auditd on Kali Linux

One-liner install command

For those in a hurry, here's a one-line installation command:

sudo apt-get update && sudo apt -y install auditd

But if you are interested in the detailed steps with descriptions, the following information is for you.

What is auditd and what are the ways to install it?

Before beginning this tutorial, you will need access to a server or computer running Kali Linux. This guide was written specifically with a server running Kali Linux in mind, although it should also work on older, supported versions of the operating system.

Also, make sure you are running a regular, non-root user with sudo privileges configured on your server. When you have an account available, log in as your non-root user to begin.

There are several ways to install auditd on Kali Linux. You can use (links are clickable):

In the following sections, we will describe each method in detail. You can choose one of them or refer to the recommended one.

Install auditd using apt-get

First, update apt database with apt-get using the following command.

sudo apt-get update

After updating apt-get database, You can install auditd using apt by running the following command:

sudo apt -y install auditd

Install auditd using apt

Because auditd is available in Kali Linux’s default repositories, it is possible to install it from these repositories using the apt packaging system.

To begin, update apt database with apt using the following command.

sudo apt update

After updating apt database, You can install auditd using apt by running the following command:

sudo apt -y install auditd

Install auditd using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Kali Linux. Update apt database with aptitude using the following command.

sudo aptitude update

After updating aptitude database, You can install auditd by running the following command:

sudo aptitude -y install auditd

How to upgrade (update) a single package auditd using apt-get?

First, you will need to update packages index. Run update command as usual:

sudo apt-get update

Next, to upgrade only the auditd, e.g. single package, you should use the following format with the apt-get command/apt command:

sudo apt-get --only-upgrade install auditd

Note that this command will not install any new packages! If you wish to install the package if it doesn't exist you may leave out --only-upgrade part.

sudo apt-get install auditd

How To Uninstall auditd from Kali Linux

To uninstall only the auditd package you can execute the following command:

sudo apt-get remove auditd

Uninstall auditd and all its dependencies

To uninstall auditd and its dependencies that are no longer needed by Kali Linux, you can use the command below:

sudo apt-get -y autoremove auditd

Remove auditd with all configurations and data

To remove auditd configuration and data from your system you can run the following purge command:

sudo apt-get -y purge auditd

Remove auditd completely (configurations, data and all of its dependencies)

And lastly, you can run the next command to remove absolutely everything related to auditd package, e.g.: configurations, data and all of its dependencies. Just use this command:

sudo apt-get -y autoremove --purge auditd

Extra info and code examples

The audit package contains the user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. Also contains the audit dispatcher "audisp".

Conclusion

You now have a full guide on how to install auditd using apt, apt-get and aptitude tools. Also, we showed how to update as a single package and different ways to uninstall the auditd from Kali Linux.

See also: