Anyone ever implemented auditd  by following the CIS standards described here?  https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110

 

Is it too restrictive?  Not enough?  Too much ressources consuming?  I would like some comments/opinions if possible.

 

 

Many thanks.