A Linux Auditd rule set mapped to MITRE's Attack Framework

• UpdatedJul 8, 2020

Transform Linux Audit logs for SIEM usage

• UpdatedMar 13, 2025
• Rust

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

• UpdatedFeb 4, 2025
• Python

Ansible role to apply a security baseline. Systemd edition.

• UpdatedMar 17, 2025
• Jinja

go-libaudit is a library for communicating with the Linux Audit Framework.

• UpdatedNov 28, 2024
• Go

A library and a tool for converting audit logs to XML and JSON

• UpdatedJan 19, 2018
• C

Hardening the Linux operating system for Debian like distributions.

• UpdatedJun 10, 2024
• Shell

Install and configure user mode auditd tools

• UpdatedMar 12, 2023
• HTML

ArchLinux setup which focuses on desktop security

• UpdatedNov 15, 2024
• Python

!!!不建议使用了，可以使用AuditBeat!!! Linux服务器命令监控辅助脚本，ElasticSearch + Logstash + Kibana + Redis + Auditd

• UpdatedApr 10, 2019
• Python

Demo for Elastic's Auditbeat and SIEM

• UpdatedJun 15, 2021
• HCL

Proof-of-Concept to evade auditd by writing /proc/PID/mem

• UpdatedAug 21, 2023
• C

Proof-of-Concept to evade auditd by tampering via ptrace

• UpdatedAug 3, 2023
• C

Ansible role to install auditbeat for security monitoring. (Ruleset included)

• UpdatedNov 16, 2023
• Jinja

Install and configure auditd on your system.

• UpdatedMar 6, 2025
• Jinja

A small Go program to read /var/log/audit/audit.log

• UpdatedNov 12, 2018
• Go

Best practice configuration for Linux auditd for CIS and STIG standards, enhanced with LOTL detection rules.

• UpdatedFeb 22, 2025
• Python

Installs 7.X ELK Stack on CentOS, RHEL, Ubuntu, or Debian

• UpdatedJun 18, 2019

logstash 5.4 auditd filter

• UpdatedJun 19, 2017

Hands-on projects for beginners to learn and practice essential cybersecurity skills through security assessments.

• UpdatedJul 10, 2024