Auditd

URI: https://gptkb.org/entity/Auditd
GPTKB entity
Statements (64)
Predicate Object
gptkbp:instance_of gptkb:government_agency
gptkbp:bfsLayer 5
gptkbp:bfsParent gptkb:RHEL_5
gptkbp:can_be user activity
authentication attempts
file access
system errors
system updates
network connections
system performance metrics
system events
kernel messages
application access
system configuration changes
system reboots
file deletions
system service status changes
system shutdowns
user logins
user permissions changes
gptkbp:can_be_extended_by custom plugins
gptkbp:can_create alerts
gptkbp:developed_by Linux community
https://www.w3.org/2000/01/rdf-schema#label Auditd
gptkbp:is_available_on most Linux distributions
gptkbp:is_compatible_with gptkb:computer
gptkbp:is_documented_in man pages
gptkbp:is_integrated_with SIEM systems
log management tools
gptkbp:is_monitored_by security information and event management (SIEM) tools
gptkbp:is_part_of gptkb:operating_system
incident response
security monitoring
security auditing
system hardening
gptkbp:is_related_to SE Linux
gptkbp:is_supported_by gptkb:audit_daemon
gptkbp:is_used_by system administrators
security analysts
gptkbp:is_used_for gptkb:accountability
regulatory compliance
policy enforcement
forensic analysis
monitoring system calls
gptkbp:is_used_in security compliance
gptkbp:is_used_to detect intrusions
track changes in system files
gptkbp:managed_by auditctl
ausearch
aureport
gptkbp:provides audit logs
gptkbp:reports_to audit events
/var/log/audit/audit.log
gptkbp:requires root privileges
gptkbp:setting log specific events
audit.rules
ignore certain events
log failed login attempts
log to remote servers
rotate logs
gptkbp:supports real-time monitoring
gptkbp:track network access
process execution
file modifications