anom messages
Steve Grubb
sgrubb at redhat.com
Thu May 24 16:35:18 UTC 2018
Hello,
On Thursday, May 24, 2018 11:06:11 AM EDT Maupertuis Philippe wrote:
> The redhat security guide in annex B2 reads:
> All Audit event types prepended with ANOM are intended to be processed by
> an intrusion detection program. All Audit event types prepended with RESP
> are intended responses of an intrusion detection system in case it detects
> malicious activity on the system.
>
> Can you point me towards an intrusion detection program able to manage
> these audit records.
It is in development but not ready to merge into the audit-userspace repo.
This is why I added some more event types in this area a couple months ago.
It is targeted for the audit-3.1 release along with a bunch of new audit
rules to assist in its job. Audit 3.1 should be late summer or fall of this
year.
-Steve