Skip to content

sbousseaden/auditd

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 

Repository files navigation

    ___             ___ __      __
   /   | __  ______/ (_) /_____/ /
  / /| |/ / / / __  / / __/ __  / 
 / ___ / /_/ / /_/ / / /_/ /_/ /  
/_/  |_\__,_/\__,_/_/\__/\__,_/   

Best Practice Auditd Configuration

Idea

The idea of this auditd configuration is to provide a basic configuration that

  • works out-of-the-box on all major Linux distributions
  • fits most use cases
  • produces a reasonable amount of log data
  • covers security relevant activity
  • is easy to read (different sections, many comments)

Sources

The configuration is based on the following sources

Gov.uk auditd rules alphagov/puppet-auditd#1

CentOS 7 hardening https://highon.coffee/blog/security-harden-centos-7/#auditd---audit-daemon

Linux audit repo https://github.com/linux-audit/audit-userspace/tree/master/rules

Auditd high performance linux auditing https://linux-audit.com/tuning-auditd-high-performance-linux-auditing/

Further rules

Not all of these rules have been included.

For PCI DSS compliance see: https://github.com/linux-audit/audit-userspace/blob/master/rules/30-pci-dss-v31.rules

For NISPOM compliance see: https://github.com/linux-audit/audit-userspace/blob/master/rules/30-nispom.rules

Contribution

Please contribute your changes as pull requests

About

Best Practice Auditd Configuration

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published