Monitor System Activity

Robust system security relies on three principles: up-to-date security protocols, correct system configuration, and frequent system monitoring. Auditing and reviewing audit records addresses the third requirement. Each component within a system often has some degree of monitoring capability. You can follow the audit advice in this document and monitor audit records.

See Using System Auditing and Monitoring, Using Advanced Intrusion Detection Environment, and Implementing System Process Accounting for more information.

Also consider using the Ksplice known exploit detection feature with systems that have the Ksplice Enhanced client installed. That feature reports exploitation attempts from known attack vectors. When new Common Vulnerabilities and Exposures (CVEs) are discovered and patched by Ksplice, Oracle might add tripwires to the code. These tripwires log when an erroneous condition is triggered, so that administrators can monitor systems for suspicious activity. For more information about Ksplice, see Oracle Linux: Ksplice User's Guide.