Linux system auditing by Example

Think you have a secure Linux system? Following best practices during installation and setup is a must, but if you haven't set up regular system auditing, you're missing half the picture. This article discusses some existing tools and offers a couple of sample scripts to automate the process in a real-world environment.

Many articles and books have been written on how to install a secure Linux system. But once the system has been installed to meet security requirements, only half the battle is won. The second half involves ensuring that the system continues to meet its security requirements throughout its lifetime (and that you can prove it). This means that periodic system auditing is required to make sure that nothing goes wrong.