All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System

The Linux kernel auditing system provides powerful capabilities for monitoring system activity. While the auditing system is well documented, the manual pages, user guides, and much of the published writing on the audit system fail to provide guidance on the types of attacker-related activities...
David Kennel
September 21, 2018

All papers are copyrighted. No re-posting of papers is permitted.