Security
Difficulty: Advanced
3 min read

Auditd: Monitoring and Auditing on Linux

Complete guide to installing and configuring auditd on a Linux system to monitor security events and generate detailed logs.

Back to tutorials
What is auditd?
The Linux audit daemon (auditd) is the user-space component of the Linux auditing system. It is responsible for writing the audit records generated by the kernel to disk. It is the fundamental tool for tracking security-relevant events on your system.

Why Use auditd?

  • Traceability: Know who did what, and when. Essential for forensic investigations.
  • Compliance: Helps meet the requirements of many security standards (PCI-DSS, HIPAA, etc.).
  • Intrusion detection: Enables the detection of abnormal activity, such as unauthorized access to critical files.

Prerequisites

  • Operating system: Any modern Linux distribution.
  • Privileges: Root access or sudo privileges.

Premium Content

This advanced tutorial is reserved for premium members.

9,90€ / month
  • All advanced tutorials
  • New content every week
  • Progress tracking
  • Cancel anytime
Log in Create an account

Written by

Morgann Riu

Cybersecurity and Linux administration expert. I share my knowledge through free tutorials and training to help system administrators and developers secure their infrastructures.

My profile LinkedIn GitHub

Share this tutorial

X LinkedIn WhatsApp

Did you enjoy this article?

Comments

Recommended for you

DevOps

Logwatch : Surveillance et analyse de logs

 Sécurité

Lynis : Audit de sécurité pour Linux

 Linux

Acct : Comptabilité des Processus sous Linux

 Blog · Sécurité

Checklist sécurité : 10 points à vérifier sur tout serveur Linux

In-depth article on the topic

Checklist Sécurité Linux

30 points essentiels pour sécuriser un serveur Linux. Recevez aussi les nouveaux tutoriels par email.

Pas de spam. Désabonnement en 1 clic.