Linux Audit

   

Up

Download:

The audit package is no longer being distributed from this page. Get the latest release directly from github. The historical releases will still be here for the time being. The last one distributed from this page was released on Aug 08, 2024.
ChangeLog

audit-4.0.2.tar.gz

audit-4.0.1.tar.gz


RHEL-9

The latest maintenance release is 3.1.5, released July 29, 2024.

audit-3.1.5.tar.gz

audit-3.1.4.tar.gz


RHEL-7

audit-2.8.5.tar.gz

audit-1.7.18.tar.gz

 

Future Direction

4.1.X - IDS / IPS
4.2.X - TLS for remote logging, (maybe container support)

Technical Resources

github
git clone https://github.com/linux-audit/audit-userspace.git or browse audit code

Mail List
The mail list was migrated to https://lists.linux-audit.osci.io (as of Nov 6, 2023).
Besides the archives at the new website, archives can also be found here:
https://marc.info/?l=linux-audit&r=1&w=2
https://lore.kernel.org/linux-audit

IRC
We have #audit on libera.chat

Blog
Security + Data Science

Specs
The specifications have moved to github.

Log Visualization Tool
audit-explorer

Helpful Diagrams
A diagram showing Audit System State
A diagram of fields in common events Event Fields

Presentations:
Presentation from 2018 devconf about the audit log normalizer
Updated version of the 2007 Red Hat Summit slides about audit system and layering an IDS/IPS on it
Presentation given at Red Hat Summit 2008 about audit system and the prelude plugin
Presentation given at Red Hat Summit 2007 about audit system and layering an IDS/IPS on it
Slides from audit BoFs at SE Linux Symposium 2007
Slides from audit BoFs at SE Linux Symposium 2006

FAQ
Audit System FAQ (old)

Test Suites
ausearch-test-0.6
audit-validation-0.1