Statements (54)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Chaos
|
| gptkbp:can |
login attempts
kernel events network access system events application events system resource usage system configuration changes process execution /var/log/audit/audit.log file modifications system shutdowns system startups user privilege escalations |
| gptkbp:can_be_configured_for |
specific events
audit.rules audit rules |
| gptkbp:can_be_extended_by |
plugins
|
| gptkbp:can_create |
audit reports
|
| gptkbp:can_send_alerts |
to email
to syslog |
| gptkbp:configuration |
/etc/audit/auditd.conf
|
| gptkbp:developed_by |
gptkb:Linux_Foundation
|
| https://www.w3.org/2000/01/rdf-schema#label |
auditd
|
| gptkbp:integrates_with |
gptkb:SELinux
|
| gptkbp:is_compatible_with |
gptkb:systemd
|
| gptkbp:is_managed_by |
auditctl
ausearch aureport |
| gptkbp:is_monitored_by |
external tools
|
| gptkbp:is_part_of |
security compliance
Linux security audit subsystem |
| gptkbp:is_supported_by |
various distributions
|
| gptkbp:is_used_for |
compliance auditing
|
| gptkbp:is_used_in |
incident response
security monitoring forensics |
| gptkbp:is_used_to |
detect anomalies
track changes enforce policies |
| gptkbp:monitors |
user actions
file access system calls |
| gptkbp:operating_system |
gptkb:Linux
|
| gptkbp:provides |
audit logging
|
| gptkbp:security |
file permissions
access control lists SELinux policies |
| gptkbp:supports |
real-time monitoring
|
| gptkbp:uses |
gptkb:investigation
|
| gptkbp:written_in |
gptkb:C
|
| gptkbp:bfsParent |
gptkb:SELinux_Reference_Policy
|
| gptkbp:bfsLayer |
5
|