Auditctl articles

Last change: 2025-01-06

Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.

Commands:

auditctl
ausearch
lsof
ltrace
strace

Logging root actions by capturing execve system calls

Last change: 2025-01-06

Logging all actions performed by root might be needed for compliance or security. With the help of Linux audit we log all root actions easy in an audit log.

Commands:

auditctl

Tuning auditd: high-performance Linux Auditing

Last change: 2025-01-06

To achieve better performance with a auditd configuration, it needs to be tuned. See performance boosters like events exclusion, rule ordering, and more.

Commands:

auditctl
aureport

Linux Audit Framework 101 – Basic Rules for Configuration

Last change: 2025-01-06

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.

Monitoring Linux File access, Changes and Data Modifications

Last change: 2025-01-06

Linux has several methods available to protect your valuable data. With the right tool we can audit file access, including changes.

Commands:

auditctl
ausearch
ausyscall