The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. It also has a basic intrusion detection plugin based on audit events, capable of IDMEF alerting using Prelude.
License: GNU General Public License (GPL)
Changes:
There is an improved fix for the buffer overflow in audit_log_user_command. An auditd memory leak on EOE records (2.6.25 kernel only) has been fixed. Linux STIG sample rules have been added. There are performance improvements.