UNIX Core Event Logging

This page lists a minimum set of events that should be logged on UNIX-like operating systems. Treat it as a baseline: define the logging requirements for your own environment and add to or modify this list to meet them.

Log the following events on UNIX and UNIX-like operating systems, in addition to any global requirements for operating systems or global logging requirements.

Category                              Rationale
Escalation of privileges              Log who uses sudo (or su) to escalate privileges, to which account, and which command was run
Password changes                      Log password changes, including which account was changed and by whom
Kernel changes                        Log kernel changes (module loads and unloads, sysctl changes) as potential security events
Permission changes                    Log file permission and ownership changes that may signify a breach
Connect time accounting               Log connect time events: logins, logouts and session start/end (wtmp, lastlog, sshd and PAM session records)
Process accounting                    Log process related events: which commands were executed, by which user, and when
Error and administrative accounting   Log system errors and administrative events such as user and group changes and service failures
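The categories above are only useful if something reads the resulting records. The script below is an added example written for this page (it is not part of the original text or of any vendor tool): it classifies log lines into the seven categories using the real syslog, PAM and auditd record formats, names the x86_64 syscall numbers that the audit records carry, and flags sudo invocations that open an interactive shell. All sample lines are constructed for the example, the host name and account names are invented, and the audit `key="kernel_modules"` / `key="perm_mod"` fields assume local audit rules were loaded with `-k kernel_modules` and `-k perm_mod` (assumed names, not a standard). The final cron line is deliberately outside the core set and is reported as uncategorised, which is the kind of gap your own requirements should close.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from a real host). syslog-style lines use
# the default rsyslog timestamp format; audit lines use the auditd record
# format, and the key="..." fields assume local audit rules tagged with
# -k kernel_modules and -k perm_mod (assumed names, not a standard).
SAMPLE_LOG = """\
Jun  3 10:15:22 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jun  3 10:16:01 host1 passwd[1234]: pam_unix(passwd:chauthtok): password changed for bob
type=SYSCALL msg=audit(1685787465.123:456): arch=c000003e syscall=313 success=yes exit=0 comm="insmod" exe="/usr/bin/kmod" key="kernel_modules"
type=SYSCALL msg=audit(1685787500.456:457): arch=c000003e syscall=90 success=yes exit=0 comm="chmod" exe="/usr/bin/chmod" key="perm_mod"
Jun  3 10:20:00 host1 sshd[2222]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:abcdef
Jun  3 10:20:00 host1 sshd[2222]: pam_unix(sshd:session): session opened for user alice by (uid=0)
type=EXECVE msg=audit(1685787610.789:458): argc=2 a0="cat" a1="/etc/shadow"
Jun  3 10:22:13 host1 useradd[3333]: new user: name=svc, UID=1001, GID=1001, home=/home/svc, shell=/bin/bash
Jun  3 10:23:05 host1 kernel: [ 1234.567890] EXT4-fs error (device sda1): ext4_find_entry:1436: inode #2: comm ls: reading directory lblock 0
Jun  3 10:24:00 host1 cron[4444]: (root) CMD (run-parts /etc/cron.hourly)
"""

# x86_64 syscall numbers that the assumed audit rules would record.
SYSCALL_NAMES = {
    175: "init_module", 176: "delete_module", 313: "finit_module",
    90: "chmod", 91: "fchmod", 92: "chown", 93: "fchown", 94: "lchown",
    260: "fchownat", 268: "fchmodat",
}

# One pattern per category from the table above; the first match wins.
RULES = [
    ("Escalation of privileges",
     re.compile(r" sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")),
    ("Password changes",
     re.compile(r"pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)")),
    ("Kernel changes",
     re.compile(r'type=SYSCALL .*syscall=(?P<nr>\d+) .*key="kernel_modules"')),
    ("Permission changes",
     re.compile(r'type=SYSCALL .*syscall=(?P<nr>\d+) .*key="perm_mod"')),
    ("Connect time accounting",
     re.compile(r"sshd\[\d+\]: (?:Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)"
                r"|pam_unix\(sshd:session\): session (?:opened|closed) for user (?P<suser>\S+))")),
    ("Process accounting",
     re.compile(r"type=EXECVE .*argc=\d+ (?P<argv>.*)$")),
    ("Error and administrative accounting",
     re.compile(r"(?:useradd|userdel|usermod|groupadd|groupdel)\[\d+\]: |kernel: .*\berror\b|\bfailed\b",
                re.IGNORECASE)),
]

INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/bash", "/usr/bin/zsh"}


def classify(line):
    """Return (category, extracted fields) for one log line, or (None, {})."""
    for category, pattern in RULES:
        m = pattern.search(line)
        if m:
            fields = {k: v for k, v in m.groupdict().items() if v is not None}
            if "nr" in fields:  # translate the audit syscall number to its name
                nr = int(fields.pop("nr"))
                fields["syscall"] = SYSCALL_NAMES.get(nr, str(nr))
            return category, fields
    return None, {}


def summarize(log_text):
    """Count lines per category; also return the lines no core rule matched."""
    counts = defaultdict(int)
    unmatched = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        category, _ = classify(line)
        if category is None:
            unmatched.append(line)
        else:
            counts[category] += 1
    return dict(counts), unmatched


def shell_escalations(log_text):
    """sudo invocations whose command is an interactive shell: worth a closer look."""
    hits = []
    for line in log_text.splitlines():
        category, fields = classify(line)
        if category == "Escalation of privileges" and fields.get("cmd") in INTERACTIVE_SHELLS:
            hits.append((fields["user"], fields["target"], fields["cmd"]))
    return hits


if __name__ == "__main__":
    counts, unmatched = summarize(SAMPLE_LOG)
    for category, n in counts.items():
        print(f"{n:3d}  {category}")
    print("uncategorised:", len(unmatched))
    print("sudo to shell:", shell_escalations(SAMPLE_LOG))
```

The regular expressions are anchored on the parts of each record that are stable across distributions (the sudo `USER=` / `COMMAND=` fields, the PAM `passwd:chauthtok` tag, the auditd `type=` and `key=` fields); syslog timestamp formats vary, so nothing here depends on them. Syscall numbers are architecture specific, so a 32-bit or ARM host needs its own table.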