audit package contains the user-space utilities for creating audit rules. As well as for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel.
Examples usage of utilities:
Window 2 (you don't have to have the daemon running to try this, but
enabled has to be 1):
./auditctl -a entry,always -S open
./auditctl -d entry,always -S open
./auditctl -a exit,always -S all -F loginuid=2000
./auditctl -L 2000,"test uid"
What's New in This Release: [ read full changelog ]
· Add more interpretations in auparse for syscall parameters
· Add some interpretations to ausearch for syscall parameters
· In ausearch/report and auparse, allocate extra space for node names
· Update syscall tables for the 3.3.0 kernel
· Update libev to 4.0.4
· Reduce the size of some applications
· In auditctl, check usage against euid rather than uid