cron
and at
pam_apparmor
There are other resources available containing valuable information about the Linux audit framework:
There are several man pages installed along with the audit tools that provide valuable and very detailed information:
auditd(8)
The Linux audit daemon
auditd.conf(5)
The Linux audit daemon configuration file
auditctl(8)
A utility to assist controlling the kernel's audit system
autrace(8)
A program similar to strace
ausearch(8)
A tool to query audit daemon logs
aureport(8)
A tool that produces summary reports of audit daemon logs
audispd.conf(5)
The audit event dispatcher configuration file
audispd(8)
The audit event dispatcher daemon talking to plug-in programs.
The home page of the Linux audit project. This site contains several specifications relating to different aspects of Linux audit, and a short FAQ.
/usr/share/doc/packages/audit
The audit package itself contains a README with basic design
information and sample .rules
files for different
scenarios:
capp.rules : Controlled Access Protection Profile (CAPP) |
lspp.rules : Labeled Security Protection Profile (LSPP) |
nispom.rules : National Industrial Security Program Operating
Manual Chapter 8(NISPOM) |
stig.rules : Secure Technical Implementation Guide (STIG) |
The official Web site of the Common Criteria project. Learn all about the Common Criteria security certification initiative and which role audit plays in this framework.