Tuning auditd: High Performance Linux Auditing

High Performance Linux Auditing Tuning Linux auditd for high performance auditing The Linux Audit framework is a powerful tool to audit system events. From running executables up to system calls, everything can be logged. However, all this audit logging comes at the price of performance. In this article we have a look how we can optimize our audit rules, and keep our Linux system running smoothly. Good auditd performance will reduce stress on the Linux kernel and lower its impact. […]

Read more

Linux Audit Framework 101 – Basic Rules for Configuration

Linux Audit Framework 101 Basic Rules for Configuration Starting with Linux auditing can be overwhelming. Fortunately there is a great tool available to tell the Linux kernel to watch some events and log them for us. To give you a quick start to use the Linux Audit Framework, we have collected some basic rules for configuring the audit daemon and its rules. Main Configuration By default the configuration values in /etc/audit/audit.conf are suitable for most systems. If you know your […]

Read more

Lynis stuck during testing

Introduction Normal Lynis scans take a few minutes to complete, therefore any test taking more than 1 minute, might be stuck during its test. Within this article we have a look at a few things you can do. Stuck When a particular test is taking a long time, the test might be stuck. However, that’s not always the case. To determine what Lynis is doing, open up a second terminal and start with running ps aux to see what processes […]

Read more