Installing Auditd on the system

This tool can be installed with apt-get or wajig, both of which download and install packages on Debian-based Linux. For the purpose of demonstration, let us search for "auditd" and see what the result is:

wajig search auditd


It describes the package as "user space tools for security auditing". This is the same thing we discussed in the intro section.

Use the below command to install auditd on your system:

apt-get install auditd


Confirm whether it was installed successfully:

auditctl -l


If a message like this is obtained, then auditd is successfully installed. Currently it is saying "No Rules"; let us understand that in the next section.
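As an added example that is not part of the original article, the script below turns the installation check above into a reusable function: it confirms that auditctl exists, reads the daemon state from systemctl, and interprets the output of `auditctl -l`, where the "No rules" line means the kernel has no audit rules loaded yet. The command names are real; any sample outputs fed to the functions are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): post-install check for auditd.
# Assumes a Debian-style host with systemctl; run as root (or via sudo),
# because auditctl needs CAP_AUDIT_CONTROL to list the loaded rules.

# Interpret captured `auditctl -l` output. With nothing loaded, auditctl prints
# exactly "No rules"; otherwise it prints one rule per line, each starting
# with "-". Prints "none" or the number of loaded rules.
audit_rule_summary() {
    case "$1" in
        "No rules"|"No Rules") echo none ;;
        *) printf '%s\n' "$1" | grep -c -- '^-' || true ;;
    esac
}

# Interpret `systemctl is-active auditd` output: only "active" means the
# daemon is actually writing /var/log/audit/audit.log.
auditd_state() {
    case "$1" in
        active) echo running ;;
        *)      echo "not running ($1)" ;;
    esac
}

# Live check: installed? daemon running? any rules loaded?
# Returns 1 when auditctl is missing so the result can be scripted.
check_auditd() {
    if ! command -v auditctl >/dev/null 2>&1; then
        echo "auditd is not installed (auditctl not found); run: apt-get install auditd"
        return 1
    fi
    daemon_state=$(systemctl is-active auditd 2>/dev/null || true)
    loaded_rules=$(auditctl -l 2>/dev/null || true)
    echo "daemon: $(auditd_state "$daemon_state")"
    echo "rules:  $(audit_rule_summary "$loaded_rules")"
}

# Report when executed; the "|| :" keeps the functions usable when sourced.
check_auditd || :
```

A freshly installed auditd reports "daemon: running" and "rules: none", which is the same state the manual `auditctl -l` check above shows.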

Auditd Tool for Security Auditing on Linux Server

Auditd is short for Linux Audit Daemon, a tool used to collect and write the audit log files of the system. The term "daemon" refers to a process that runs in the background as a service, which means this tool operates continuously behind the scenes.

Below are some important features of Auditd:

  1. It is self-reliant and does not depend on external programs.
  2. It is highly configurable, allowing us to observe a wide range of system operations.
  3. Potential threats can be detected with the help of this tool.
  4. It can work in sync with other intrusion detection systems to find out about intruders.
  5. Forensic audits also rely on this tool.

Note: We are using the OS as the root user, so we are not writing sudo everywhere.
