Linux Audit Daemon - Best Practice Configuration
# Linux Audit Daemon - Best Practice Configuration
# /etc/audit/audit.rules
#
# Compiled by Florian Roth
#
# Created : 2017/12/05
# Modified : 2020/11/17
#
- Gov.uk auditd rules: https://github.com/gds-operations/puppet-auditd/pull/1
- CentOS 7 hardening: https://highon.coffee/blog/security-harden-centos-7/#auditd---audit-daemon
- Linux audit repo: https://github.com/linux-audit/audit-userspace/tree/master/rules
- Auditd high performance linux auditing: https://linux-audit.com/tuning-auditd-high-performance-linux-auditing/
Further rules
- For PCI DSS compliance see: https://github.com/linux-audit/audit-userspace/blob/master/rules/30-pci-dss-v31.rules
- For NISPOM compliance see: https://github.com/linux-audit/audit-userspace/blob/master/rules/30-nispom.rules
Ref
- https://github.com/linux-audit/audit-userspace
- https://github.com/Neo23x0/auditd/blob/master/audit.rules