Security
Difficulty: Advanced
3 min read

Auditd: Monitoring and Auditing on Linux

Complete guide to installing and configuring auditd on a Linux system to monitor security events and generate detailed logs.

Back to tutorials
What is auditd?
The Linux audit daemon (auditd) is the user-space component of the Linux auditing system. It is responsible for writing the audit records generated by the kernel to disk. It is the fundamental tool for tracking security-relevant events on your system.

Why Use auditd?

  • Traceability: Know who did what, and when. Essential for forensic investigations.
  • Compliance: Helps meet the requirements of many security standards (PCI-DSS, HIPAA, etc.).
  • Intrusion detection: Enables the detection of abnormal activity, such as unauthorized access to critical files.

Prerequisites

  • Operating system: Any modern Linux distribution.
  • Privileges: Root access or sudo privileges.

Premium Content

This advanced tutorial is reserved for premium members.

9,90€ / month
  • All advanced tutorials
  • New content every week
  • Progress tracking
  • Cancel anytime

Written by

Morgann Riu

Cybersecurity and Linux administration expert. I share my knowledge through free tutorials and training to help system administrators and developers secure their infrastructures.

Share this tutorial

Did you enjoy this article?

Comments

Checklist Sécurité Linux

30 points essentiels pour sécuriser un serveur Linux. Recevez aussi les nouveaux tutoriels par email.

Pas de spam. Désabonnement en 1 clic.