CIS and audit rules
John Jasen
jjasen at gmail.com
Wed Sep 2 23:01:50 UTC 2015
I've been testing a variant of the CIS benchmarks, supplemented (for
compliance reasons) by the NIST USGCB baselines.
I've also been testing auditd with setuid/setgid binaries.
Also as a potential replacement for aide (again, mostly compliance reasons).
Your use of auditd rules depends a lot on your drivers for doing so, and
your desired results.
On 08/28/2015 04:12 PM, Alarie, Maxime wrote:
> Anyone ever implemented auditd by following the CIS standards
> described here?
> https://benchmarks.cisecurity.org/downloads/show-single/?file=suse11.110
>
> Is it too restrictive? Not enough? Too resource-consuming? I
> would like some comments/opinions if possible.
>
> Many thanks.