Edit Threat

Name

Category

Tags (comma-separated)

Description Adversaries may disable or modify the Linux audit system to hide malicious activity and avoid detection. Linux admins use the Linux Audit system to track security-relevant information on a system. The Linux Audit system operates at the kernel-level and maintains event logs on application and system activity such as process, network, file, and login events based on pre-configured rules. Often referred to as auditd, this is the name of the daemon used to write events to disk and is governed by the