SUSE Linux Enterprise Server
Documentation
Security Guide
Part VI. The Linux Audit Framework
Contents
31. Understanding Linux Audit
31.1. Introducing the Components of Linux Audit
31.2. Configuring the Audit Daemon
31.3. Controlling the Audit System Using auditctl
31.4. Passing Parameters to the Audit System
31.5. Understanding the Audit Logs and Generating Reports
31.6. Querying the Audit Daemon Logs with ausearch
31.7. Analyzing Processes with autrace
31.8. Visualizing Audit Data
31.9. Relaying Audit Event Notifications
32. Setting Up the Linux Audit Framework
32.1. Determining the Components to Audit
32.2. Configuring the Audit Daemon
32.3. Enabling Audit for System Calls
32.4. Setting Up Audit Rules
32.5. Configuring Audit Reports
32.6. Configuring Log Visualization
33. Introducing an Audit Rule Set
33.1. Adding Basic Audit Configuration Parameters
33.2. Adding Watches on Audit Log Files and Configuration Files
33.3. Monitoring File System Objects
33.4. Monitoring Security Configuration Files and Databases
33.5. Monitoring Miscellaneous System Calls
33.6. Filtering System Call Arguments
33.7. Managing Audit Event Records Using Keys
34. Useful Resources