47 Useful resources
Other resources with valuable information about the Linux audit framework:
- The audit manual pages
  Several man pages are installed along with the audit tools and provide detailed information:
  - auditd(8): The Linux audit daemon
  - auditd.conf(5): The Linux audit daemon configuration file
  - auditctl(8): A utility to assist controlling the kernel's audit system
  - autrace(8): A program similar to strace
  - ausearch(8): A tool to query audit daemon logs
  - aureport(8): A tool that produces summary reports of audit daemon logs
- https://people.redhat.com/sgrubb/audit/index.html
The home page of the Linux audit project. This site contains several specifications relating to different aspects of Linux audit, and a short FAQ.
- /usr/share/doc/packages/audit
  The audit package itself contains a README with basic design information and sample .rules files for different scenarios:
  - capp.rules: Controlled Access Protection Profile (CAPP)
  - lspp.rules: Labeled Security Protection Profile (LSPP)
  - nispom.rules: National Industrial Security Program Operating Manual Chapter 8 (NISPOM)
  - stig.rules: Security Technical Implementation Guide (STIG)
- https://www.commoncriteriaportal.org/
  The official Web site of the Common Criteria project. Learn all about the Common Criteria security certification initiative and what role audit plays in this framework.
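The sample .rules files listed above are loaded with `auditctl -R <file>` and later queried by key with `ausearch -k` and `aureport -k`, so it pays to review a rule set before loading it. The following parser for the auditctl rule syntax is an added example and is not code from this page, from SUSE or from the audit project; the rule lines in SAMPLE_RULES are constructed for the example and are not copied from the shipped capp/lspp/nispom/stig files. It reports which keys a file would install and flags watch and syscall rules that carry no key, because those cannot be selected with `ausearch -k`.

```python
# Added example: parse auditctl-style .rules lines (the syntax used by the
# sample capp/lspp/nispom/stig files) so a rule set can be reviewed before
# it is loaded with `auditctl -R <file>`. Not code from SUSE or the audit project.
import shlex
from typing import Dict, List, Optional, Set, Tuple

# Control flags and how many arguments each takes (a subset of auditctl(8)).
CONTROL_FLAGS = {"-D": 0, "-b": 1, "-f": 1, "-e": 1, "-r": 1, "-c": 0, "-i": 0}
# Field comparison operators, two-character ones first so "!=" is not read as "=".
FIELD_OPS = ("!=", ">=", "<=", "&=", "=", ">", "<", "&")


def split_field(spec: str) -> Tuple[str, str, str]:
    """Split a -F argument such as 'auid!=4294967295' into (name, op, value)."""
    for op in FIELD_OPS:
        if op in spec:
            name, value = spec.split(op, 1)
            return name, op, value
    raise ValueError(f"malformed -F field: {spec!r}")


def parse_rule_line(line: str) -> Optional[Dict]:
    """Parse one rules-file line; blank lines and '#' comments yield None."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    toks = shlex.split(text)
    rule: Dict = {"kind": None, "raw": text, "syscalls": [], "fields": [], "key": None}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok in CONTROL_FLAGS:
            nargs = CONTROL_FLAGS[tok]
            rule["kind"] = "control"
            rule["control"] = (tok, toks[i + 1] if nargs else None)
            i += 1 + nargs
            continue
        if i + 1 >= len(toks):
            raise ValueError(f"missing argument for {tok!r} in: {text}")
        arg = toks[i + 1]
        if tok == "-w":
            rule["kind"] = "watch"
            rule["path"] = arg
            rule.setdefault("perms", "rwxa")  # auditctl watches all four when -p is absent
        elif tok == "-p":
            rule["perms"] = arg
        elif tok == "-a":
            rule["kind"] = "syscall"
            first, second = arg.split(",", 1)
            # auditctl accepts both "always,exit" and "exit,always"; normalise.
            if first in ("always", "never"):
                rule["action"], rule["list"] = first, second
            else:
                rule["action"], rule["list"] = second, first
        elif tok == "-S":
            rule["syscalls"].extend(arg.split(","))
        elif tok == "-F":
            name, op, value = split_field(arg)
            if name == "key" and op == "=":  # -F key=x is the same as -k x
                rule["key"] = value
            else:
                rule["fields"].append((name, op, value))
        elif tok == "-k":
            rule["key"] = arg
        else:
            raise ValueError(f"unsupported option {tok!r} in: {text}")
        i += 2
    if rule["kind"] is None:
        raise ValueError(f"line is neither a watch, a syscall rule nor a control: {text}")
    return rule


def parse_rules(text: str) -> List[Dict]:
    return [r for r in (parse_rule_line(l) for l in text.splitlines()) if r is not None]


def keys_in(rules: List[Dict]) -> Set[str]:
    """Keys the file would install, i.e. what `ausearch -k` / `aureport -k` can select."""
    return {r["key"] for r in rules if r["key"]}


def rules_without_key(rules: List[Dict]) -> List[str]:
    """Watch and syscall rules that no key selects; review these before loading."""
    return [r["raw"] for r in rules if r["kind"] != "control" and not r["key"]]


# Constructed sample in the layout of the shipped .rules files (not their content).
SAMPLE_RULES = """\
# constructed sample rules for the example
-D
-b 8192
-f 1
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k actions
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -k access
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=4294967295 -k user_cmds
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts
-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change
-w /sbin/insmod -p x
-e 2
"""

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for r in parsed:
        print(f"{r['kind']:8} {r['raw']}")
    print("keys:", sorted(keys_in(parsed)))
    print("rules without a key:", rules_without_key(parsed))
```

Run it against a real rules file with `parse_rules(open("/path/to/stig.rules").read())`; the control lines (`-D`, `-b`, `-e 2`) are kept as their own records because `-e 2` makes the configuration immutable until reboot and is worth seeing before the file is loaded.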