Security Auditd Config for Enterprises
Christian, Mark
mark.christian at intel.com
Fri Sep 4 15:27:48 UTC 2020
On Fri, 2020-09-04 at 19:08 +0530, Rohit Nambiar wrote:
> Hi all!
>
> Apologies if this topic has already been discussed before, I couldn't
> find an easy way to sift through older archives.
>
> Is there an auditd rule set which offers a reasonable level of
> security visibility and has been tested on enterprise production
> systems? And if such a rule set can be shared here?
>
> I'm looking for a base document to deploy/modify for use within my
> organization. Many thanks in advance.
consider:
https://github.com/linux-audit/audit-userspace/tree/master/rules
Depending on the age of your auditd, these examples may not work for
you, so test and verify.
Mark
More information about the Linux-audit
mailing list