I'm new to Linux kernel development, and I am now assigned a task to develop a Linux kernel module that can monitor the network, filesystem, USB and serial ports.
I am aware of things like netfilter/iptables, libpcap, inotify and LSM (Linux Security Modules). I know there is always more than one way to skin a cat, especially in the Linux world.
I am still wondering what the proper way to do auditing things in the Linux kernel nowadays is.
Any suggestion is appreciated.