Critical System Protection and Linux auditing
Linux uses the audit.rules file to determine what files get audited. CSP uses the Unix or Linux template to determine auditing. Does CSP parse /var/log/messages and /var/log/secure in any way? How does CSP get its audits: from the audit.rules daemon or some other way?
Here is the issue. We have a DISA STIG requirement to audit a boatload of data, which is filling up the audit logs rather quickly. If CSP were independent and captured the same audits, we could turn off the audit daemon in Red Hat and just use CSP's built-in audit templates.
Part II of the question:
Does anyone know of an updated Linux template similar to the Unix baseline detection? The Unix baseline detection has files and folders which do not exist in Red Hat Linux.