Linux Admin Reference – Configuring Auditd in Red Hat Enterprise Linux
Guidelines to Implement Audit Rules:
– Consolidate your rules where possible.
– The system call rules are loaded into a matching engine that intercepts each syscall that all programs on the system make.
– It is very important to only use syscall rules when you have...
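Because every syscall rule is evaluated by the matching engine on each intercepted syscall, rules that differ only in the syscall name can be folded into one rule with several `-S` options. The following is an added example, not code from the original page: a small helper that performs that consolidation on a rules file. The sample rules, key names and the function name `consolidate` are constructed for illustration.

```python
# Added example: merge audit syscall rules that differ only in the syscall.
# SAMPLE_RULES is constructed for illustration, not taken from the page.
SAMPLE_RULES = """\
-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S execve -F euid=0 -k root_exec
-w /etc/passwd -p wa -k identity
"""


def consolidate(rules_text):
    """Return rule lines with same-filter syscall rules merged into one.

    Assumes option/value pairs with no whitespace inside a value.
    """
    merged = {}  # rule signature -> syscalls (first-seen order); None = pass-through
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        if tok[0] not in ("-a", "-A"):
            merged[("raw", line)] = None  # file watches and control lines
            continue
        sig, calls = [], []
        for opt, val in zip(tok[0::2], tok[1::2]):
            if opt == "-S":
                if "-S" not in sig:
                    sig.append("-S")  # placeholder: keeps syscalls after -F arch
                calls.extend(val.split(","))
            else:
                sig.append((opt, val))
        seen = merged.setdefault(tuple(sig), [])
        for c in calls:
            if c not in seen:
                seen.append(c)
    out = []
    for sig, calls in merged.items():
        if calls is None:
            out.append(sig[1])
            continue
        parts = []
        for item in sig:
            parts += [f"-S {c}" for c in calls] if item == "-S" else [" ".join(item)]
        out.append(" ".join(parts))
    return out


if __name__ == "__main__":
    print("\n".join(consolidate(SAMPLE_RULES)))
```

Rules are merged only when the action, every `-F` field and the key are identical, so the `execve` rule and the file watch pass through unchanged.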