I've been testing a variant of the CIS benchmarks, supplemented (for compliance reasons) by the NIST USGCB baselines.
I've also been testing auditd with setuid/setgid binaries. Also as a potential replacement for aide (again, mostly compliance reasons). Your use of auditd rules depends a lot on your drivers for doing so, and your desired results.

On 08/28/2015 04:12 PM, Alarie, Maxime wrote:
> Anyone ever implemented auditd by following the CIS standards
> described here?
> https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110
>
> Is it too restrictive? Not enough? Too much resources consuming? I
> would like some comments/opinions if possible.
>
> Many thanks.
>
> --
> Linux-audit mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/linux-audit
