{"id":13497570,"url":"https://github.com/Neo23x0/auditd","last_synced_at":"2025-03-28T22:31:47.217Z","repository":{"id":38713958,"uuid":"150223220","full_name":"Neo23x0/auditd","owner":"Neo23x0","description":"Best Practice Auditd Configuration","archived":false,"fork":false,"pushed_at":"2025-01-31T16:26:52.000Z","size":214,"stargazers_count":1584,"open_issues_count":46,"forks_count":275,"subscribers_count":83,"default_branch":"master","last_synced_at":"2025-03-24T01:37:34.718Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Neo23x0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit.rules","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-25T07:16:21.000Z","updated_at":"2025-03-23T18:35:13.000Z","dependencies_parsed_at":"2024-04-21T06:29:13.483Z","dependency_job_id":"d2e2e75e-0206-4515-9193-22229f02e03a","html_url":"https://github.com/Neo23x0/auditd","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neo23x0%2Fauditd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neo23x0%2Fauditd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neo23x0%2Fauditd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Neo23x0%2Fauditd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Neo23x0","download_url":"https://codeload.github.com/Neo23x0/auditd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245727635,"owners_count":20662552,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T20:00:33.658Z","updated_at":"2025-03-28T22:31:46.975Z","avatar_url":"https://github.com/Neo23x0.png","language":null,"readme":"[![Actively Maintained](https://img.shields.io/badge/Maintenance%20Level-Actively%20Maintained-green.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d)\n\n        ___             ___ __      __\n       /   | __  ______/ (_) /_____/ /\n      / /| |/ / / / __  / / __/ __  / \n     / ___ / /_/ / /_/ / / /_/ /_/ /  \n    /_/  |_\\__,_/\\__,_/_/\\__/\\__,_/   \n\nBest Practice Auditd Configuration\n\n## Idea\n\nThe idea of this auditd configuration is to provide a basic configuration that\n\n- works out-of-the-box on all major Linux distributions \n- fits most use cases\n- produces a reasonable amount of log data\n- covers security relevant activity\n- is easy to read (different sections, many comments)\n\n## Sources\n\nThe configuration is based on the following sources\n\nGov.uk auditd rules\nhttps://github.com/gds-operations/puppet-auditd/pull/1\n\nCentOS 7 hardening\nhttps://highon.coffee/blog/security-harden-centos-7/#auditd---audit-daemon\n\nLinux audit repo \nhttps://github.com/linux-audit/audit-userspace/tree/master/rules\n\nAuditd high performance linux auditing\nhttps://linux-audit.com/tuning-auditd-high-performance-linux-auditing/\n\n### Further rules\n\nNot all of these rules have been included. \n\nFor PCI DSS compliance see: \nhttps://github.com/linux-audit/audit-userspace/blob/master/rules/30-pci-dss-v31.rules\n\nFor NISPOM compliance see:\nhttps://github.com/linux-audit/audit-userspace/blob/master/rules/30-nispom.rules\n\n## Video Explanations by IppSec\n\nIppSec captured a video that explains how to detect the exploitation of the OMIGOD vulnerability using auditd. In that video, he walks you through the audit configuration maintained in this repo and explains how to use it. I highly recommend this video to get a better understanding of what is happening in the config. \n\nhttps://www.youtube.com/watch?v=lc1i9h1GyMA\n\n## Contribution\n\nPlease contribute your changes as pull requests\n","funding_links":[],"categories":["Others","GNU/Linux","Tools/Scripts/Code:","Hardening"],"sub_categories":["Ghidra"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNeo23x0%2Fauditd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNeo23x0%2Fauditd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNeo23x0%2Fauditd/lists"}