The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 and later kernels.

audispd.conf
audispd.conf is the file that controls the configuration of the audit event dispatcher. Each line should contain one configuration keyword, an equal sign, and...

auditd.conf
The file /etc/audit/auditd.conf contains configuration information specific to the audit daemon. Each line should contain one configuration keyword, an equal...

ausearch-expression
This man page describes the format of "ausearch expressions". Parsing and evaluation of these expressions is provided by libauparse and is common to...

audit.rules
audit.rules is a file containing audit rules that will be loaded by the audit daemon's init script whenever the daemon is started. The auditctl program is used...

audispd
audispd is an audit event multiplexor. It has to be started by the audit daemon in order to get events. It takes audit events and distributes them to child...

auditctl
The auditctl program is used to configure kernel options related to auditing, to see status of the configuration, and to load discretionary audit rules.

auditd
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the...

augenrules
augenrules is a script that merges all component audit rules files, found in the audit rules directory, /etc/audit/rules.d, placing the merged file in...

aulast
aulast is a program that prints out a listing of the last logged in users, similar to the programs last and lastb. Aulast searches back through the audit logs...

aulastlog
aulastlog is a program that prints out the last login for all users of the local machine, similar to the way lastlog does. The login-name, port, and last login...

aureport
aureport is a tool that produces summary reports of the audit system logs. The aureport utility can also take input from stdin as long as the input is the raw...

ausearch
ausearch is a tool that can query the audit daemon logs for events based on different search criteria. The ausearch utility can also take input from stdin...

ausyscall
ausyscall is a program that prints out the mapping from syscall name to number and reverse for the given arch. The arch can be anything returned by `uname -m`...

autrace
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments to it. The resulting...

auvirt
auvirt shows a list of guest sessions found in the audit logs. If a guest is specified, only the events related to that guest are considered. To specify a guest...