Monitoring allows us to collect, store, and analyze the detailed information on the system at any given time. Using the audit subsystem for monitoring these activities raises the level of security in Linux systems. Although it doesn't offer additional security, it provides a detailed insight across the various critical kernel subsystems. With the help of detailed information on system activities and violations, it can be used to implement additional targeted security measures. The audit subsystem works by listening to the events reported by the kernel and logging them to a log file. In this talk, we will be taking a deeper look at the audit kernel subsystem and its use.
