36 Useful Resources #
There are other resources available containing valuable information about the Linux audit framework:
- The Audit Manual Pages
There are several man pages installed along with the audit tools that provide valuable and very detailed information:
auditd(8)
The Linux audit daemon
auditd.conf(5)
The Linux audit daemon configuration file
auditctl(8)
A utility to assist controlling the kernel's audit system
autrace(8)
A program similar to strace
ausearch(8)
A tool to query audit daemon logs
aureport(8)
A tool that produces summary reports of audit daemon logs
audispd.conf(5)
The audit event dispatcher configuration file
audispd(8)
The audit event dispatcher daemon talking to plug-in programs.
- http://people.redhat.com/sgrubb/audit/index.html
The home page of the Linux audit project. This site contains several specifications relating to different aspects of Linux audit, and a short FAQ.
/usr/share/doc/packages/audit
The audit package itself contains a README with basic design information and sample
.rules
files for different scenarios:capp.rules
: Controlled Access Protection Profile (CAPP)lspp.rules
: Labeled Security Protection Profile (LSPP)nispom.rules
: National Industrial Security Program Operating Manual Chapter 8(NISPOM)stig.rules
: Secure Technical Implementation Guide (STIG)- https://www.commoncriteriaportal.org/
The official Web site of the Common Criteria project. Learn all about the Common Criteria security certification initiative and which role audit plays in this framework.