LogAnalysis
Re: [logs] How to log - commands and file access Nov 13 2007 04:07AM Anton Chuvakin (anton chuvakin org)
> it's not possible, which process and username access to some files (or
> directory) like /etc/shadow, /data/ ...
Unix binary audit is the answer to this one. Specifically,
- Solaris BSM audit
- HPUX Audit
- AIX <whatever they call it>
Be prepared to experience a flood of data. If you are doing it per
user, it will be much easier. Some allow (and some don't allow) it on
a per file/per directory basis, use it!
You can then centralize the resulting binary audit files into a log
management tool for reporting, analysis, searching, safekeeping, etc.
P.S. Since I just mentioned a log management tool, I need to please
Tina and say: I work for LogLogic that makes such tools.
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
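Added example, not part of the original post: one way to cut the audit flood down to "which user and process touched /etc/shadow or /data/" once the binary trail has been converted to text. It assumes one-line records in the style of Solaris `praudit -l` output; the sample records, host name, user names and the WATCHED list are constructed for illustration.

```python
# Filter BSM-style audit text for access to watched files.
# Assumption: one record per line, comma-separated tokens as in `praudit -l`
# (header ... path,<file> ... subject,<8 fields> ... return,<status>,<value>).
WATCHED = ("/etc/shadow", "/data/")  # a trailing "/" means "anything under it"

# Constructed records (not from a real system).
SAMPLE = """\
header,90,2,login - local,,host1,2007-11-13 04:00:00.000 -05:00,subject,jdoe,jdoe,staff,jdoe,staff,4700,4700,0 0 host1,return,success,0
header,138,2,open(2) - read,,host1,2007-11-13 04:07:01.120 -05:00,path,/etc/shadow,attribute,100400,root,sys,85,1234,0,subject,jdoe,root,staff,jdoe,staff,4711,4700,0 0 host1,return,success,4
header,138,2,open(2) - read,,host1,2007-11-13 04:07:02.300 -05:00,path,/etc/passwd,attribute,100644,root,sys,85,1200,0,subject,jdoe,jdoe,staff,jdoe,staff,4712,4700,0 0 host1,return,success,4
header,140,2,open(2) - read,,host1,2007-11-13 04:08:10.005 -05:00,path,/etc/shadow,attribute,100400,root,sys,85,1234,0,subject,www,www,www,www,www,5120,5100,0 0 host1,return,failure: Permission denied,-1
header,142,2,open(2) - write,,host1,2007-11-13 04:09:44.910 -05:00,path,/data/payroll.db,attribute,100660,root,staff,85,2201,0,subject,jdoe,jdoe,staff,jdoe,staff,4720,4700,0 0 host1,return,success,5
"""

def is_watched(path):
    """Exact match for files, prefix match for entries ending in '/'."""
    return any(path.startswith(w) if w.endswith("/") else path == w
               for w in WATCHED)

def parse_record(line):
    """Extract event, path, users, PID and outcome; None if a token is missing."""
    f = line.strip().split(",")
    if len(f) < 5 or f[0] != "header":
        return None
    try:
        p = f.index("path", 4)          # file the syscall acted on
        s = f.index("subject", p + 2)   # who did it
        r = f.index("return", s + 9)    # subject token has 8 fields
        return {
            "event": f[3],
            "path": f[p + 1],
            "audit_user": f[s + 1],      # login identity, survives su
            "effective_user": f[s + 2],  # identity the access ran as
            "pid": int(f[s + 6]),        # the record carries a PID, not a program name
            "outcome": f[r + 1],
        }
    except (ValueError, IndexError):
        return None                      # no path/subject/return token, or truncated

def watched_access(lines):
    """Return parsed records whose path is on the watch list (failures included)."""
    recs = (parse_record(l) for l in lines)
    return [rec for rec in recs if rec and is_watched(rec["path"])]

if __name__ == "__main__":
    for rec in watched_access(SAMPLE.splitlines()):
        print(rec)
```

Splitting on commas breaks on file names that contain a comma, so a production filter should parse token by token or use the XML output where the audit tool offers one.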