I've been testing a variant of the CIS benchmarks, supplemented (for compliance reasons) by the NIST USGCB baselines.

I've also been testing auditd with setuid/setgid binaries.

Also as a potential replacement for aide (again, mostly compliance reasons).

Your use of auditd rules depends a lot on your drivers for doing so, and your desired results.
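The setuid/setgid auditing mentioned above and the CIS privileged-command control the question refers to both come down to one `-a always,exit` rule per privileged binary. The script below is an added example, not code from either poster: it walks a tree for setuid/setgid files and emits audit.rules lines; the login-UID floor of 500 and the unset-auid sentinel 4294967295 are assumptions taken from the classic CIS wording, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: generate auditd rules for every setuid/setgid binary below a
# root directory. Rule syntax follows audit.rules(7); MIN_UID and UNSET_AUID
# are assumptions (adjust MIN_UID to your distro's first login UID).
MIN_UID=500
UNSET_AUID=4294967295

# Print one rule per setuid/setgid regular file under $1. Only execution
# (perm=x) by a real login user is recorded, keyed 'privileged' for
# 'ausearch -k privileged'.
gen_privileged_rules() {
    root="$1"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r path; do
        printf -- '-a always,exit -F path=%s -F perm=x -F auid>=%s -F auid!=%s -k privileged\n' \
            "$path" "$MIN_UID" "$UNSET_AUID"
    done
}

# Constructed sample tree standing in for a real filesystem: one setuid file,
# one setgid file, and one ordinary file that must not receive a rule.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/usr/bin" "$dir/usr/sbin"
    : > "$dir/usr/bin/passwd";  chmod 4755 "$dir/usr/bin/passwd"
    : > "$dir/usr/sbin/locate"; chmod 2755 "$dir/usr/sbin/locate"
    : > "$dir/usr/bin/ls";      chmod 0755 "$dir/usr/bin/ls"
    printf '%s\n' "$dir"
}

# On a live host: gen_privileged_rules / > /etc/audit/rules.d/privileged.rules
# and reload the ruleset (augenrules --load, or restart auditd).
```

Re-run the generator after package updates, since a new setuid binary is not covered until its path appears in the ruleset.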


On 08/28/2015 04:12 PM, Alarie, Maxime wrote:
Anyone ever implemented auditd by following the CIS standards described here? https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110
Is it too restrictive? Not enough? Too resource-consuming? I would like some comments/opinions if possible.
Many thanks.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit