Hardening domain

Logging & Auditing

You can't respond to what you can't see. This domain configures the Linux audit framework (auditd) and journald, ships logs off-host, and builds rules that record the events incident response actually needs.

  1. Auditd & Journald: A Logging Baseline

    Build a tamper-resistant logging baseline on Linux with persistent journald, the auditd framework, sensitive-file watches, and off-host log shipping.
