Audit for Slackware

The Linux Auditing System is a kernel subsystem that allows the kernel to
record events of interest to intrusion detection systems, such as file
access attempts, specific system calls, or custom events generated by
trusted system binaries like login or sshd. The audit package provides the
tools to configure the audit system, and to collect and process its output.

To collect audit events, your kernel must have the audit system enabled,
as the stock Slackware kernels do.

The audit package has no other dependencies. However, certain audit events
of interest, such as failed login attempts from /bin/login, password changes,
and so on, are generated by their respective binaries using libaudit. If your
site policy requires auditing those events, some reconfiguration and/or
patching may be required.
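The two prerequisites above (audit support in the kernel, and binaries linked
against libaudit) can be checked with a short script. This is an added example,
not part of the Slackware audit package; reading the config from
/proc/config.gz and the /usr/sbin/sshd path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Slackware audit package.

# Succeeds if the kernel config on stdin has the audit core and syscall
# auditing built in (CONFIG_AUDIT=y and CONFIG_AUDITSYSCALL=y).
kernel_has_audit() {
    awk '
        /^CONFIG_AUDIT=y$/        { core = 1 }
        /^CONFIG_AUDITSYSCALL=y$/ { sysc = 1 }
        END { exit !(core && sysc) }
    '
}

# Succeeds if the `ldd` output on stdin lists libaudit, i.e. the binary
# is dynamically linked against the library it would report events through.
links_libaudit() {
    grep -Eq '(^|[[:space:]])libaudit\.so(\.[0-9]+)*[[:space:]]'
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CONFIG_OK='CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y'
SAMPLE_CONFIG_OFF='# CONFIG_AUDIT is not set'
SAMPLE_LDD_WITH='    libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f0000000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'
SAMPLE_LDD_WITHOUT='    libc.so.6 => /lib64/libc.so.6 (0x00007f0000200000)'

# Live check. Assumes /proc/config.gz exists (CONFIG_IKCONFIG_PROC) and
# that sshd is at /usr/sbin/sshd; adjust both for your system.
check_host() {
    if [ -r /proc/config.gz ] && zcat /proc/config.gz | kernel_has_audit; then
        echo "kernel: audit enabled"
    else
        echo "kernel: audit not confirmed (check your kernel config)"
    fi
    for bin in /bin/login /usr/sbin/sshd; do
        if ldd "$bin" 2>/dev/null | links_libaudit; then
            echo "$bin: linked against libaudit"
        else
            echo "$bin: no libaudit linkage found"
        fi
    done
}

# Run the live check only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--check-host" ]; then check_host; fi
```

Run it with `--check-host` on the target machine; a binary reported without libaudit linkage is one that would need the reconfiguration or patching mentioned above.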