The Audit package includes user-space tools for generating audit rules.
To use the utilities, users can follow these general instructions. In window 1, type "./auditd". Then, in window 2, you can try out a few things. For instance, you don't need to have the daemon running, but you need to make sure that the daemon is enabled; to do this, type "./auditctl -s". You can also add an audit rule using "./auditctl -a entry,always -S open" and see the list of classes and system calls by typing "ls". If you want to delete an audit rule, enter "./auditctl -d entry,always -S open".
Another useful feature of the Audit package is identity tracking. To track user identity, type "./auditctl -a exit,always -S all -F loginuid=2000", while to check the UID, enter './auditctl -L 2000,"test UID"'. With these commands and features, the Audit package proves to be an all-around excellent package for auditing and providing comprehensive security.
Version 2.0.3: N/A