Access your Pro+ Content below.
Analysis of the Linux Audit System
Sponsored by ComputerWeekly.com
This article in our Royal Holloway Security Series identifies serious flaws due to architectural limitations of the Linux kernel which cast doubts on its ability to provide forensically sound audit records and discusses possible mitigation techniques
Table Of Contents
- Audit mechanisms on an operating system (OS) record relevant system events to provide information for analysing the trustworthiness of the system. This is especially important for detecting or investigating potential compromises of a system.
- In Linux-based operating systems, the standard framework for auditing is the Linux Audit Subsystem. It generates, processes and records relevant audit events either from within the kernel or from user-space programs.
- In this article, we identify serious flaws due to architectural limitations of the Linux kernel, which cast doubts on its ability to provide forensically sound audit records. We also examine these limitations and discuss possible mitigation methods.
Access this CW+ Content for Free!
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.