Auditing Goals
Auditing should make it easy to detemrine:
-
Who made the change? (More than information that "root" made the alteration.)
-
When was the change made? (An adequate log retention period is important.)
-
What was the purpose of the change? (If not malicious, the change was made for a reason.)