system call auditing
Hi all,
This is what I have read in the book "Ubuntu the complete reference" by Richard Petersen:

The Linux Auditing System provides system call auditing. You can download and install it from the Ubuntu universe repository. The auditing is performed by a server called auditd, with logs saved to the /var/log/audit directory. It is designed to complement SELinux, which saves its messages to the auditd log in the /var/log/audit/audit.log file. Logs are located at /var/log/audit. The audit package includes the auditd server and three commands: autrace, ausearch, and auditctl. You use ausearch to query the audit logs. You can control the behavior of the auditd server with the auditctl tool.

Now my question is: when and where / in what practical situations is this sort of auditing used?
Quote:
Code:
# modify_ldt and module syscalls
Code:
-w /tmp -p wx -k watch-wx-tmp
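What the `-w /tmp -p wx -k watch-wx-tmp` watch above yields in practice, as an added example that is not part of the original thread: a Python sketch that groups audit.log records into events and selects those tagged with the rule's key, roughly what `ausearch -k watch-wx-tmp` does. The log lines are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in audit.log record format (not from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1300000000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2201 auid=1000 uid=1000 comm="job.sh" exe="/bin/bash" key="watch-wx-tmp"
type=CWD msg=audit(1300000000.101:501):  cwd="/home/alice"
type=PATH msg=audit(1300000000.101:501): item=0 name="/tmp/job.sh" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1300000005.220:502): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=900 auid=4294967295 uid=33 comm="php" exe="/usr/bin/php5" key="watch-wx-tmp"
type=PATH msg=audit(1300000005.220:502): item=0 name="/tmp/" inode=2 nametype=PARENT
type=PATH msg=audit(1300000005.220:502): item=1 name="/tmp/sess_ab12" inode=140 nametype=CREATE
type=SYSCALL msg=audit(1300000009.000:503): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=950 auid=0 uid=0 comm="cat" exe="/bin/cat" key="other-key"
type=PATH msg=audit(1300000009.000:503): item=0 name="/etc/shadow" inode=77 nametype=NORMAL
"""

# One event = all records sharing the same audit(timestamp:serial) stamp.
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = "4294967295"  # (uid_t)-1: no login session, e.g. a daemon

def events_for_key(log_text, key):
    """Return events whose SYSCALL record carries the given rule key."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        event = events[(ts, int(serial))]
        if rtype == "SYSCALL":
            event["syscall"] = fields
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            event["paths"].append(fields.get("name"))  # skip the directory entry
    hits = []
    for (ts, serial), event in sorted(events.items(), key=lambda kv: kv[0][1]):
        sc = event["syscall"]
        if sc and sc.get("key") == key:
            auid = "unset" if sc.get("auid") == UNSET_AUID else sc.get("auid")
            hits.append({"serial": serial, "time": float(ts), "exe": sc.get("exe"),
                         "uid": sc.get("uid"), "auid": auid, "paths": event["paths"]})
    return hits

if __name__ == "__main__":
    for hit in events_for_key(SAMPLE_LOG, "watch-wx-tmp"):
        print(hit)
```

The `auid` field is what makes these records useful for accountability: it keeps the original login identity even after `su` or `sudo` changes `uid`.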