Auditctl

Logging root actions by capturing execve system calls

audit
audit.rules
auditctl

Logging all actions performed by root might be needed for compliance or security. With the help of Linux audit we log all root actions easy in an audit log.

Tuning auditd: high-performance Linux Auditing

accounting
auditctl
auditd
auditd.conf
performance
tuning

To achieve better performance with a auditd configuration, it needs to be tuned. See performance boosters like events exclusion, rule ordering, and more.

Linux Audit Framework 101 – Basic Rules for Configuration

audit
audit.rules
auditctl
auditd
auditd.conf
ausearch

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.