Published at LXer:
The 2.6 Linux kernel comes with a very flexible and powerful auditing subsystem called auditd. auditd is composed of two parts. The main work is done in kernel-space. In user-land, auditd is listening for generated audit events. auditd is able to log file-watches as well as syscalls. All LSM-based subsystems–for example, SELinux–are logging via auditd as well.
Read More...