Auditd: Difference between revisions
Latest revision as of 05:56, 19 January 2026
Auditd (The Linux Audit daemon) is the userspace component of the Linux Auditing System.
It is responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities. Configuring the audit rules is done with the auditctl utility. During startup, the rules in /etc/audit/audit.rules are read by auditctl. The audit daemon itself has some configuration options that the administrator may wish to customize. They are found in the auditd.conf file.[1]
The Linux Audit system provides a way to track security-relevant information on your system. Based on pre-configured rules, Audit generates log entries to record as much information about the events that are happening on your system as possible. This information is crucial for mission-critical environments to determine the violator of the security policy and the actions they performed. Audit does not provide additional security to your system; rather, it can be used to discover violations of security policies used on your system. These violations can further be prevented by additional security measures such as SELinux. The following list summarizes some of the information that Audit is capable of recording in its log files:
- Date and time, type, and outcome of an event.
- Sensitivity labels of subjects and objects.
- Association of an event with the identity of the user who triggered the event.
- All modifications to Audit configuration and attempts to access Audit log files.
- All uses of authentication mechanisms, such as SSH, Kerberos, and others.
- Changes to any trusted database, such as /etc/passwd.
- Attempts to import or export information into or from the system.
- Include or exclude events based on user identity, subject and object labels, and other attributes.
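To make the paragraph on auditd and its tools and the list of recorded information concrete, here is an added example (not code from the page or from the audit project) that parses a constructed sample of raw auditd records, the format ausearch reads from the audit log, reassembles them into events by serial number, and pulls out the date and time, record type, outcome and login identity (auid) for each. It assumes a hypothetical watch rule `-w /etc/passwd -p wa -k passwd-changes` was loaded with auditctl, and the alert categories in `flag` follow three items of the list above: Audit configuration changes, changes to a trusted database, and failed authentication.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
# Constructed sample of raw auditd records (the format of /var/log/audit/audit.log). Event 456
# assumes the watch rule  -w /etc/passwd -p wa -k passwd-changes  (hypothetical key name) was
# loaded with auditctl; 457 is that rule being removed; 458 is a failed SSH password login.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=2100 pid=2345 auid=1000 uid=0 euid=0 tty=pts0 ses=3 comm="vipw" exe="/usr/sbin/vipw" key="passwd-changes"
type=PATH msg=audit(1700000000.123:456): item=0 name="/etc/passwd" inode=131 dev=08:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=CONFIG_CHANGE msg=audit(1700000000.900:457): auid=1000 ses=3 op=remove_rule key="passwd-changes" list=4 res=1
type=USER_AUTH msg=audit(1700000001.500:458): pid=2400 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="bob" exe="/usr/sbin/sshd" hostname=203.0.113.7 addr=203.0.113.7 terminal=ssh res=failed'
"""
HEADER = re.compile(r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\'[^\']*\'|\S+)')
TRUSTED_DBS = {'/etc/passwd', '/etc/shadow', '/etc/group', '/etc/sudoers'}
def parse_records(text):
    """Group records by serial number: one event = {'_ts': float, record type: [field dicts]}."""
    events = defaultdict(dict)
    for m in filter(None, map(HEADER.match, text.splitlines())):
        fields = {k: v.strip('"\'') for k, v in FIELD.findall(m['body'])}
        if 'msg' in fields:  # USER_* records nest a second set of key=value pairs inside msg='...'
            fields.update((k, v.strip('"')) for k, v in FIELD.findall(fields.pop('msg')))
        ev = events[int(m['serial'])]
        ev.setdefault('_ts', float(m['ts']))
        ev.setdefault(m['type'], []).append(fields)
    return dict(events)
def summarize(events):
    """Per event: time, type, outcome, login user (auid), rule key and what it acted on."""
    out = []
    for serial, ev in sorted(events.items()):
        kind = 'SYSCALL' if 'SYSCALL' in ev else next(k for k in ev if k != '_ts')
        f = ev[kind][0]
        if kind == 'SYSCALL':  # kernel rule hit: outcome is success=, files are in the PATH records
            outcome, target = f['success'], ','.join(p['name'] for p in ev.get('PATH', []) if p.get('nametype') == 'NORMAL')
        else:                  # daemon/userspace record: outcome is res=, subject is acct= or op=
            outcome, target = ('yes' if f.get('res') in ('1', 'success') else 'no'), f.get('acct') or f.get('op', '')
        out.append(dict(serial=serial, time=datetime.fromtimestamp(ev['_ts'], timezone.utc).isoformat(),
                        type=kind, outcome=outcome, auid=int(f.get('auid', -1)), key=f.get('key'), target=target))
    return out
def flag(summaries):
    """Three of the categories the text lists: audit config changes, trusted-database writes, auth failures."""
    alerts = []
    for s in summaries:
        if s['type'] == 'CONFIG_CHANGE':
            alerts.append((s['serial'], s['auid'], 'audit configuration modified: ' + s['target']))
        elif s['type'] == 'SYSCALL' and s['outcome'] == 'yes' and set(s['target'].split(',')) & TRUSTED_DBS:
            alerts.append((s['serial'], s['auid'], 'trusted database written: ' + s['target']))
        elif s['type'] == 'USER_AUTH' and s['outcome'] == 'no':
            alerts.append((s['serial'], s['auid'], 'authentication failed for ' + s['target']))
    return alerts
```

On a real host the same functions can be fed the output of `ausearch --raw`, since that is the record format parsed here; the auid of 4294967295 on the USER_AUTH record is the kernel's "unset" value for a session that never completed login.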
The use of the Audit system is also a requirement for a number of security-related certifications. Audit is designed to meet or exceed the requirements of the following certifications or compliance guides:
- Controlled Access Protection Profile (CAPP)
- Labeled Security Protection Profile (LSPP)
- Rule Set Base Access Control (RSBAC)
- National Industrial Security Program Operating Manual (NISPOM)
- Federal Information Security Management Act (FISMA)
- Payment Card Industry — Data Security Standard (PCI-DSS)
- Security Technical Implementation Guides (STIG)[2]
References
1. http://linux.die.net/man/8/auditd
2. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html
This article "Auditd" is from Wikipedia. The list of its authors can be seen in its history. Articles copied from the Draft namespace on Wikipedia can be found in the Draft namespace of Wikipedia, not the main one.
