I was at the BSides Portland security conference last weekend and I gave a presentation called “The Linux Audit Framework” there. I have put up the slides from the presentation on slideshare. I have also put up a file that implements the Center for Internet Security RHEL 6 Benchmark for audit rules. In addition, I have put up a document that is “Smith’s Audit Cheat Sheet”. It is what audit commands to run by analysts during first, second and third shift.