The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. It also has a basic Intrusion Detection plugin based on audit events capable of IDMEF alerting using prelude.
License: GNU General Public License (GPL)
Changes:
This release fixes a tcp_wrappers bug, has improved GSSAPI support, and adds a new watched syscall option for the prelude plugin.
More...