I've been testing a variant of the CIS benchmarks, supplemented (for
compliance reasons) by the NIST USGCB baselines.
I've also been testing auditd with setuid/setgid binaries.
Also as a potential replacement for aide (again, mostly compliance reasons).
Your use of auditd rules depends a lot on your drivers for doing so, and
your desired results.
On 08/28/2015 04:12 PM, Alarie, Maxime wrote:
Anyone ever implemented auditd by following the CIS standards
described here?
https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110
Is it too restrictive? Not enough? Too resource-consuming? I
would like some comments/opinions if possible.
Many thanks.
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit