A Linux Auditd rule set mapped to MITRE's Attack Framework
Updated Jul 8, 2020
Transform Linux Audit logs for SIEM usage
Ansible role to apply a security baseline. Systemd edition.
Hardening the Linux operating system for Debian like distributions.
Install and configure user mode auditd tools
ArchLinux setup which focuses on desktop security
Demo for Elastic's Auditbeat and SIEM
Proof-of-Concept to evade auditd by writing /proc/PID/mem
Proof-of-Concept to evade auditd by tampering via ptrace
Ansible role to install auditbeat for security monitoring. (Ruleset included)
A small Go program to read /var/log/audit/audit.log