Auditd
by @bytesagain3
Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, a...
TERMINAL
clawhub install auditd
About This Skill
name: "auditd"
version: "1.0.0"
description: "Linux Audit Framework reference. auditctl rules for file watches and syscall auditing, auditd.conf configuration, ausearch log queries, aureport summaries, audit.log format, CIS/PCI-DSS compliance rules, and audit tools."
author: "BytesAgain"
homepage: "https://bytesagain.com"
source: "https://github.com/bytesagain/ai-skills"
tags: [auditd, audit, security, linux, compliance, logging]
category: "sysops"
auditd
Linux Audit Framework reference: kernel-level security auditing.
Commands
| Command | Description |
|---------|-------------|
| intro | What is auditd, architecture, quick start |
| rules | auditctl watches, syscall rules, filters |
| config | auditd.conf settings, rotation, disk actions |
| search | ausearch by key, time, user, file |
| report | aureport summaries, login, auth, file |
| logs | audit.log format, field meanings |
| compliance | CIS benchmark and PCI-DSS rules |
| tools | auditctl, audit2allow, aulast, autrace |