There are other resources available containing valuable information about the Linux audit framework:
There are several man pages installed along with the audit tools that provide valuable and very detailed information:
auditd(8)
The Linux Audit daemon
auditd.conf(5)
The Linux Audit daemon configuration file
auditctl(8)
A utility to assist controlling the kernel's audit system
autrace(8)
A program similar to strace
ausearch(8)
A tool to query audit daemon logs
aureport(8)
A tool that produces summary reports of audit daemon logs
audispd.conf(5)
The audit event dispatcher configuration file
The home page of the Linux audit project. This site contains several specifications relating to different aspects of Linux audit, as well as a short FAQ.
/usr/share/doc/packages/audit
The audit package itself contains a README with basic design information and sample .rules files for different scenarios (the documentation directory name varies between distributions):
capp.rules: Controlled Access Protection Profile (CAPP)
lspp.rules: Labeled Security Protection Profile (LSPP)
nispom.rules: National Industrial Security Program Operating Manual Chapter 8 (NISPOM)
stig.rules: Security Technical Implementation Guide (STIG)
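As an added example (not code from the SUSE guide or from the audit project), the following script ties the tools listed in the man pages above to the sample rules files: it previews which keys a rules file defines, so that the events it will produce can later be queried with ausearch -k and summarised with aureport -k, and optionally loads the file with auditctl -R. The rules embedded in the script are constructed for this example in the style of the packaged files, not a copy of any shipped file, and the helper names rule_keys, rule_count, load_rules and search_key are this example's own. Loading rules requires root and a running auditd, so that step is only run when auditctl is present; previewing works offline.

```shell
#!/bin/sh
# Added example, not part of the audit package or the SUSE documentation.
# Preview the keys in an audit rules file, optionally load it with
# auditctl(8), and query the resulting events with ausearch(8)/aureport(8).

# Constructed sample rules for this example; they mimic the style of the
# packaged *.rules files but are not copied from any of them.
SAMPLE_RULES=$(cat <<'EOF'
## constructed sample, in the style of the packaged .rules files
-D
-b 8192
-f 1
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privileged
-a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k rootcmd
-a always,exit -F arch=b32 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k rootcmd
EOF
)

# rule_keys FILE: print the distinct "-k" keys in FILE, one per line, sorted.
# These are the names to pass to "ausearch -k" once the rules are loaded.
rule_keys() {
    # Drop comments, then take the word that follows each "-k" option.
    sed 's/#.*//' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "-k") print $(i+1) }' | sort -u
}

# rule_count FILE: number of watch (-w) and syscall (-a) rules in FILE,
# ignoring control directives such as -D, -b and -f.
rule_count() {
    sed 's/#.*//' "$1" | grep -c -E '^-(w|a) ' || true
}

# load_rules FILE: load FILE into the kernel (root, auditd running), then
# list the active rule set. Skipped when auditctl is not installed.
load_rules() {
    if command -v auditctl >/dev/null 2>&1; then
        auditctl -R "$1" && auditctl -l
    else
        echo "auditctl not installed; rules not loaded" >&2
        return 0
    fi
}

# search_key KEY: show matching events with interpreted fields (ausearch -i)
# and a per-key summary (aureport -k --summary).
search_key() {
    if command -v ausearch >/dev/null 2>&1; then
        ausearch -k "$1" -i
        aureport -k --summary
    else
        echo "ausearch/aureport not installed" >&2
        return 0
    fi
}

# Demonstration: write the constructed rules to a temporary file and preview them.
RULES_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$RULES_FILE"
echo "watch/syscall rules in file: $(rule_count "$RULES_FILE")"
echo "keys you can query with ausearch -k:"
rule_keys "$RULES_FILE"
# On a host with auditd running, as root, load the file and query each key:
# load_rules "$RULES_FILE" && for k in $(rule_keys "$RULES_FILE"); do search_key "$k"; done
rm -f "$RULES_FILE"
```

The same preview works on the shipped files, for example rule_keys /usr/share/doc/packages/audit/stig.rules, and is worth running before loading one of them: the CAPP, LSPP, NISPOM and STIG profiles generate a large volume of events, and knowing the keys in advance makes the resulting ausearch and aureport queries much narrower.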
The official Web site of the Common Criteria project. Learn all about the Common Criteria security certification initiative and which role audit plays in this framework.