Package audit

User space tools for 2.6 kernel auditing

http://people.redhat.com/sgrubb/audit/

The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 kernel.

File Formats (Section 5)
audispd.conf
audispd.conf is the file that controls the configuration of the audit event dispatcher. Each line should contain one configuration keyword, an equal sign, and...
auditd.conf
The file /etc/audit/auditd.conf contains configuration information specific to the audit daemon. Each line should contain one configuration keyword, an equal...
ausearch-expression
This man page describes the format of "ausearch expressions". Parsing and evaluation of these expressions is provided by libauparse and is common to...
Miscellanea (Section 7)
audit.rules
audit.rules is a file containing audit rules that will be loaded by the audit daemon's init script whenever the daemon is started. The auditctl program is used...
System Administration (Section 8)
audispd
audispd is an audit event multiplexor. It has to be started by the audit daemon in order to get events. It takes audit events and distributes them to child...
auditctl
The auditctl program is used to configure kernel options related to auditing, to see status of the configuration, and to load discretionary audit rules.
auditd
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the...
augenrules
augenrules is a script that merges all component audit rules files, found in the audit rules directory, /etc/audit/rules.d, placing the merged file in...
aulast
aulast is a program that prints out a listing of the last logged in users similarly to the programs last and lastb. Aulast searches back through the audit logs...
aulastlog
aulastlog is a program that prints out the last login for all users of the local machine similar to the way lastlog does. The login-name, port, and last login...
aureport
aureport is a tool that produces summary reports of the audit system logs. The aureport utility can also take input from stdin as long as the input is the raw...
ausearch
ausearch is a tool that can query the audit daemon logs for events based on different search criteria. The ausearch utility can also take input from stdin...
ausyscall
ausyscall is a program that prints out the mapping from syscall name to number and reverse for the given arch. The arch can be anything returned by `uname -m`...
autrace
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments to it. The resulting...
auvirt
auvirt shows a list of guest sessions found in the audit logs. If a guest is specified, only the events related to that guest are considered. To specify a guest...