Linux Audit

   


Download:

The latest is 2.7.8, released Sept 18, 2017.
ChangeLog

Requires kernel headers >= 2.6.30

audit-2.7.8.tar.gz

audit-2.7.7.tar.gz


RHEL-5

audit-1.8-1.src.rpm need glibc-kernheaders>=3.0

audit-1.8.tar.gz need new headers

audit-1.7.18-1.src.rpm need glibc-kernheaders>=3.0

audit-1.7.18.tar.gz need new headers


RHEL-4

audit-1.0.16-1.src.rpm need glibc-kernheaders>=2.4-9.1.95

audit-1.0.16.tar.gz need new headers

You can compile the source rpm like this:
rpmbuild --rebuild audit-1.0.16-1.src.rpm

 

Future Direction

2.8.X - Improved Remote Logging
2.9.X - Prepare audit for realtime analysis
3.0.X - Reactive component for IPS

Technical Resources

github
git clone https://github.com/linux-audit/audit-userspace.git or browse audit code

Mail List
There is a mailing list for discussing the Linux audit system. Please join if you have any questions or are interested in this topic.

IRC
We have #audit on freenode

Blog
Security + Data Science

Specs
The specifications have moved to github.

Log Visualization Tool
audit-explorer

Helpful Diagrams
A diagram showing Audit System State
A diagram of fields in common events: Event Fields

Presentations:
Updated version of the 2007 Red Hat Summit slides about audit system and layering an IDS/IPS on it
Presentation given at Red Hat Summit 2008 about audit system and the prelude plugin
Presentation given at Red Hat Summit 2007 about audit system and layering an IDS/IPS on it
Slides from audit BoFs at SE Linux Symposium 2007
Slides from audit BoFs at SE Linux Symposium 2006

FAQ
Audit System FAQ (old)

Test Suites
ausearch-test-0.5
audit-validation-0.1

SVN (deprecated)
svn co http://svn.fedorahosted.org/svn/audit
or browse audit code