Auditd

Linux Audit Framework

Collection of articles about the Linux Audit Framework, covering how to configure and optimize auditd and how to use the related tools.

How are auditd and Lynis different?

While both are active in the area of Linux auditing, auditd and Lynis have different goals. This article explains the differences between the two tools.

Tuning auditd: high-performance Linux Auditing

To achieve better performance, an auditd configuration needs to be tuned. See performance boosters like event exclusion, rule ordering, and more.

PCI DSS Linux: Creation and deletion of system-level objects

The PCI DSS standard defines "Creation and deletion of system-level objects". For Linux systems this might be handled with the Linux audit framework.

Linux Audit Framework 101 – Basic Rules for Configuration

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.

Linux audit: Log files in /var/log/audit

This article describes the purpose of the audit.log file in /var/log/audit and the relationship with the Linux audit framework.

Linux Audit Framework: using aureport

Guide regarding the aureport utility, including some aureport examples. Aureport helps with audit reports and is part of the Linux audit framework.

Configuring and auditing Linux systems with Audit daemon

Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.