The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. It also has a basic intrusion detection plugin based on audit events, capable of IDMEF alerting using Prelude.
License: GNU General Public License (GPL)
Changes:
A new auparse library interface for expressions-based searches. An updated syscall table for the 2.6.25 kernel. Prelude alerts can now be individually disabled. There is a new prelude alert for watched account logins.