auditd
Linux Audit Framework reference — kernel-level security auditing.
Commands
| Command | Description |
|---|---|
| intro | What is auditd, architecture, quick start |
| rules | auditctl watches, syscall rules, filters |
| config | auditd.conf settings, rotation, disk actions |
| search | ausearch by key, time, user, file |
| report | aureport summaries, login, auth, file |
| logs | audit.log format, field meanings |
| compliance | CIS benchmark and PCI-DSS rules |
| tools | auditctl, audit2allow, aulast, autrace |