Linux Audit Framework

The Linux audit framework provides an auditing system that is CAPP compliant. It enables the system administrator to capture and collect events on the system, including those of interest for security purposes, and can help track changes and actions being performed on the system.

While the framework does not make the system itself more secure, it helps greatly with security monitoring and in-depth auditing of events.

Configuring and auditing Linux systems with Audit daemon

Guide to auditing Linux systems using the audit daemon and related utilities. This powerful audit framework offers many possibilities for auditing Linux.

Linux Audit Framework 101 – Basic Rules for Configuration

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.

Linux Audit Framework: using aureport

Guide to the aureport utility, including several aureport examples. Aureport generates reports from the audit logs and is part of the Linux audit framework.

Linux audit log: dealing with audit.log file

Article on the Linux audit log file and how to use it, including tips for searching events and safeguarding the log against unintended alteration.

Tuning auditd: high-performance Linux Auditing

To achieve better performance from an auditd configuration, it needs to be tuned. See performance boosters such as event exclusion, rule ordering, and more.