The Linux audit framework, as shipped with many Linux distributions, reliably collects information about security-relevant events on a system. The audit records can be examined to determine whether any violation of the security policies has been committed, and by whom.
Linux audit helps make your system more secure by providing you with a means to analyze what is happening on your system in great detail. It does not, however, provide additional security itself—it does not protect your system from code malfunctions or any kind of exploits. Instead, Audit is useful for tracking these issues and helps you take additional security measures to prevent them.
This session provides a basic understanding of how audit works, how it can be set up, how to use the various utilities to display, query and archive the audit trail, and how Linux audit can be part of an overall defense-in-depth strategy.
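As an added illustration that is not part of this session's material, the following Python script parses audit records in the SYSCALL/CWD/PATH layout that auditd writes and answers the "by whom" question for events raised by a keyed file watch rule; the sample records, user IDs and paths are constructed, and the field names used are those auditd emits.

```python
import re
from collections import defaultdict

# Constructed sample records (not from any real system): a watch rule keyed
# "sshd_config" catches a non-root user failing to read the file, then the
# same login session succeeding after becoming root.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:2001): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd3c0 a2=0 a3=0 items=1 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="sshd_config"
type=CWD msg=audit(1700000000.101:2001): cwd="/home/alice"
type=PATH msg=audit(1700000000.101:2001): item=0 name="/etc/ssh/sshd_config" inode=409248 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.250:2002): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd3c0 a2=0 a3=0 items=1 ppid=1200 pid=1300 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="sshd_config"
type=CWD msg=audit(1700000000.250:2002): cwd="/root"
type=PATH msg=audit(1700000000.250:2002): item=0 name="/etc/ssh/sshd_config" inode=409248 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_records(text):
    """Group audit records by event serial; each event maps record type -> fields."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or unrecognised lines
        rtype, ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        fields["_time"] = float(ts)
        events[int(serial)][rtype] = fields
    return events

def keyed_file_accesses(text):
    """Summarise who touched which watched file, and whether it succeeded.

    auid is the login UID set at authentication and survives su/sudo, so it
    answers "by whom" even when uid has already become 0.
    """
    out = []
    for serial, recs in sorted(parse_records(text).items()):
        sc, path = recs.get("SYSCALL"), recs.get("PATH")
        if not sc or not path or "key" not in sc:
            continue  # not an event raised by a keyed watch rule
        out.append({
            "serial": serial, "key": sc["key"], "auid": int(sc["auid"]),
            "uid": int(sc["uid"]), "comm": sc["comm"], "file": path["name"],
            "success": sc["success"] == "yes",
        })
    return out
```

On a live system the same logic would be run over /var/log/audit/audit.log, or over the output of `ausearch -k sshd_config`, which already filters to that key.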