On Fri, 2020-09-04 at 19:08 +0530, Rohit Nambiar wrote:
> Hi all!
>
> Apologies if this topic has already been discussed before; I couldn't
> find an easy way to sift through older archives.
>
> Is there an auditd rule set which offers a reasonable level of
> security visibility and has been tested on enterprise production
> systems? And if such a rule set can be shared here?
>
> I'm looking for a base document to deploy/modify for use within my
> organization. Many thanks in advance.
Consider: https://github.com/linux-audit/audit-userspace/tree/master/rules

Depending on the age of your auditd, these examples may not work for you, so test and verify.

Mark

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
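As an added illustration of the "test and verify" step (not code from the thread or from the audit-userspace project), the script below performs a static pre-flight check of an auditd rules file before it is handed to `auditctl -R`. It parses the rule lines, then flags three things that bite in practice: an identical rule listed twice (auditctl reports "Rule exists" and, unless run with `-c`, stops loading at that point), a watch or syscall rule with no `-k`/`-F key=` (events from it cannot be found with `ausearch -k`), and an `-e 2` that is not the final line (nothing after it can be applied once the configuration is locked). The sample rules file is constructed for this example and is not copied from the repository; the suggested workflow of lint, then `auditctl -R`, then `auditctl -l` to confirm, is an assumption of this example rather than advice from the thread.

```python
"""Static pre-flight check for an auditd rules file.

Assumed workflow (this example's, not the thread's): run this lint,
then load with `auditctl -R rules.file` and confirm with `auditctl -l`.
"""
from typing import Dict, List, Optional, Tuple

# Constructed sample in the style of the audit-userspace rules files;
# it is NOT copied from the repository. Two defects are planted on
# purpose: a duplicate watch (line 11) and a syscall rule without a
# key (line 12).
SAMPLE_RULES = """\
## Delete all existing rules
-D
## Increase the kernel backlog
-b 8192
## Failure mode: 1 = printk a warning
-f 1
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec
-w /etc/passwd -p wa -k identity
-a always,exit -F arch=b64 -S open -F exit=-EACCES
-e 2
"""

Finding = Tuple[int, str, str]  # (line number, code, message)


def parse_rules(text: str) -> List[Dict]:
    """Split a rules file into non-comment entries, keeping line numbers."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entries.append({"line": lineno, "text": line, "tokens": line.split()})
    return entries


def key_of(tokens: List[str]) -> Optional[str]:
    """Return the rule key given as `-k KEY` or `-F key=KEY`, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-k":
            return tokens[i + 1]
        if tok == "-F" and tokens[i + 1].startswith("key="):
            return tokens[i + 1][len("key="):]
    return None


def lint_rules(text: str) -> List[Finding]:
    """Flag problems auditctl -R would reject or that hurt later triage.

    - duplicate: identical rule repeated ("Rule exists" on load)
    - no-key: watch/syscall rule without a key for `ausearch -k`
    - immutable-not-last: `-e 2` followed by further rules
    """
    findings: List[Finding] = []
    entries = parse_rules(text)
    seen: Dict[str, int] = {}  # rule text -> first line it appeared on
    for idx, entry in enumerate(entries):
        tokens, lineno, line = entry["tokens"], entry["line"], entry["text"]
        if tokens[0] in ("-a", "-A", "-w"):
            if line in seen:
                findings.append((lineno, "duplicate",
                                 f"identical to line {seen[line]}"))
            else:
                seen[line] = lineno
            if key_of(tokens) is None:
                findings.append((lineno, "no-key",
                                 "rule has no -k/-F key= for ausearch"))
        elif tokens[0] == "-e" and len(tokens) > 1 and tokens[1] == "2":
            if idx != len(entries) - 1:
                findings.append((lineno, "immutable-not-last",
                                 "-e 2 must be the final line"))
    return findings


if __name__ == "__main__":
    for lineno, code, msg in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {code}: {msg}")
```

Run against the embedded sample it reports the duplicate `/etc/passwd` watch on line 11 and the keyless `open` rule on line 12; pointing it at a real rules file (replace `SAMPLE_RULES` with the file's contents) is a cheap check to run before `auditctl -R` on a host whose auditd version you have not tested the rules on.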
