Auditd articles

Last change: 2025-03-12

Collection of articles about the Linux Audit Framework and how one might use this to configure and optimize the auditd configuration and use relevant tools.

Last change: 2025-03-12

While both being active in the area of Linux auditing, auditd and Lynis have a different goal. This article explains the differences between both tools.

Last change: 2025-03-16

To achieve better performance with a auditd configuration, it needs to be tuned. See performance boosters like events exclusion, rule ordering, and more.

Last change: 2025-03-12

The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.

Last change: 2025-03-12

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.

Last change: 2025-03-12

This article describes the purpose of the audit.log file in /var/log/audit and the relationship with the Linux audit framework.

Last change: 2025-03-12

Guide regarding the aureport utility, including some aureport examples. Aureport helps with audit reports and is part of the Linux audit framework.

Last change: 2025-03-16

Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.