The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. It also has a basic intrusion detection plugin based on audit events, capable of IDMEF alerting using Prelude.
License: GNU General Public License (GPL)
Changes:
This release adds IDMEF alerts for access or execution of watched files, support for virtual keys, and a basic remote logging plugin (only sends with no flow control). There are many bug fixes throughout.