Part V. The Linux Audit Framework
Contents
30. Understanding Linux Audit
30.1. Introducing the Components of Linux Audit
30.2. Configuring the Audit Daemon
30.3. Controlling the Audit System Using auditctl
30.4. Passing Parameters to the Audit System
30.5. Understanding the Audit Logs and Generating Reports
30.6. Querying the Audit Daemon Logs with ausearch
30.7. Analyzing Processes with autrace
30.8. Visualizing Audit Data
30.9. Relaying Audit Event Notifications
31. Setting Up the Linux Audit Framework
31.1. Determining the Components to Audit
31.2. Configuring the Audit Daemon
31.3. Enabling Audit for System Calls
31.4. Setting Up Audit Rules
31.5. Configuring Audit Reports
31.6. Configuring Log Visualization
32. Introducing an Audit Rule Set
32.1. Adding Basic Audit Configuration Parameters
32.2. Adding Watches on Audit Log Files and Configuration Files
32.3. Monitoring File System Objects
32.4. Monitoring Security Configuration Files and Databases
32.5. Monitoring Miscellaneous System Calls
32.6. Filtering System Call Arguments
32.7. Managing Audit Event Records Using Keys
33. Useful Resources