Ausearch

Linux Audit Framework 101 – Basic Rules for Configuration

The Linux audit framework is a very powerful tool to monitor files, directories and system calls. It helps with troubleshooting, accounting and intrusion detection.

Summary of Linux Audit Framework 101 – Basic Rules for Configuration

Starting with Linux auditing can be overwhelming. Fortunately, there is a great feature in the Linux kernel to watch events and log them for us. To give you a quick start to use the Linux Audit Framework, we have collected some basic rules for configuring the audit daemon and its rules. Main Configuration By default the configuration values in /etc/audit/audit.conf are suitable for most systems. If you know your system is very low or very high (e.

Read the full article…