The audit package contains the user-space utilities for creating audit rules, as well as for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. It also has a basic Intrusion Detection plugin based on audit events capable of IDMEF alerting using prelude.
License: GNU General Public License (GPL)
Changes:
TTY audit updates. An update of capabilities interpretation. Non-root search has been improved to not cause access problems. A new exit code search option has been added to ausearch. There are performance improvements for ausearch. Config file parsing when GSSAPI support is disabled has been fixed.