LogAnalysis
[logs] CanSecWest 2008 CFP (deadline Nov 30,conf Mar 26-28) and PacSec Dojo's Nov 09 2007 04:24AM
Dragos Ruiu (dr kyx net) (1 replies)
[logs] How to log - commands and file access Nov 09 2007 08:25AM
david bigot devoteam com (7 replies)
Re: [logs] How to log - commands and file access Mar 03 2008 07:24AM
Cesare (tensi mclink it)
Re: [logs] How to log - commands and file access Nov 25 2007 12:48AM
Karl Vogel (vogelke pobox com)
RE: [logs] How to log - commands and file access Nov 12 2007 11:37PM
Kurt Buff (KBuff zetron com) (1 replies)
RE: [logs] How to log - commands and file access Nov 13 2007 10:01PM
David Corlette (dcorlette novell com) (1 replies)
Re: [logs] How to log - commands and file access Nov 13 2007 11:31PM
Matt Cuttler (mcuttler bnl gov)
Re: [logs] How to log - commands and file access Nov 12 2007 02:47PM
Mike Blomgren (mike blomgren tornado se) (1 replies)
Re: [logs] How to log - commands and file access Nov 12 2007 03:15PM
david bigot devoteam com (1 replies)
Re: [logs] How to log - commands and file access Nov 13 2007 04:07AM
Anton Chuvakin (anton chuvakin org)
Re: [logs] How to log - commands and file access Nov 09 2007 08:09PM
Anton Chuvakin (anton chuvakin org) (2 replies)
Re: [logs] How to log - commands and file access Nov 10 2007 03:49PM
James B Horwath (Jim_Horwath glic com)
Re: [logs] How to log - commands and file access Nov 10 2007 02:21AM
James Turnbull (james lovedthanlost net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anton Chuvakin wrote:
>> - all file access by process and username in real-time (not static) or if
>> it's not possible, which process and username access to some files (or
>> directory) like /etc/shadow, /data/ ...
>
> Unix binary audit is the answer to this one. Specifically,
>
> - Solaris BSM audit
> - HPUX Audit
> - AIX <whatever they call it>
>

Built into Linux 2.6 kernels is an extensive audit capability - the
Linux Auditing System. Have a look at the auditd man page:

http://linux.die.net/man/8/auditd

It's pretty powerful and you can cut down the volume of data by
specifying some fairly precise policies.

Regards

James Turnbull

James Turnbull <james (at) lovedthanlost (dot) net [email concealed]>
- ---
Author of Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)

Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)
- ---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHNRXD9hTGvAxC30ARAppZAJ9HXxovxGjG6vWscKKNVfBCwrMrCgCggHoc
FOJIHkFaGuaHx0aKsz1Onzc=
=BZ6h
-----END PGP SIGNATURE-----
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

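As an added example (not part of the post above, nor code shipped with auditd), the following script shows what the "fairly precise policies" James mentions look like for the two questions in this thread, and how the raw records auditd writes are stitched back into one event per serial number. It assumes an x86_64 host, the auditctl(8) rule syntax, and that the rules would normally be placed in /etc/audit/audit.rules; the audit log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the list post). Two pieces:
#   1. audit_rules     - a narrow Linux Auditing System policy for the two
#                        questions in the thread (file access, commands run)
#   2. summarize_audit - stitch the SYSCALL/PATH/EXECVE records auditd
#                        writes for one event back together by serial number
# Assumptions: x86_64 host, auditctl(8) rule syntax; rules would live in
# /etc/audit/audit.rules, here they are only printed.

# Precise -w watches and -F filters are what keep the volume down: we audit
# reads/writes of a few sensitive paths and execve() by real (logged-in)
# users only, instead of every syscall on the box.
audit_rules() {
  cat <<'EOF'
## start from a clean rule set, buffer bursts, keep going if the log fails
-D
-b 8192
-f 1
## who reads (r), writes (w) or changes attributes (a) of these paths
-w /etc/shadow -p rwa -k shadow_access
-w /etc/passwd -p wa -k passwd_change
-w /data/ -p rwa -k data_access
## commands run by interactive users: auid >= 1000 and not "unset" (-1)
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=4294967295 -k user_commands
-a always,exit -F arch=b32 -S execve -F auid>=1000 -F auid!=4294967295 -k user_commands
EOF
}

# Constructed sample of what /var/log/audit/audit.log holds once the rules
# above fire: one read of /etc/shadow (serial 456) and one command (457).
sample_audit_log() {
  cat <<'EOF'
type=SYSCALL msg=audit(1194597000.123:456): arch=c000003e syscall=2 success=yes exit=3 a0=7fff0 a1=0 a2=0 a3=0 items=1 ppid=1200 pid=1234 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cat" exe="/bin/cat" key="shadow_access"
type=CWD msg=audit(1194597000.123:456):  cwd="/root"
type=PATH msg=audit(1194597000.123:456): item=0 name="/etc/shadow" inode=12345 dev=08:01 mode=0100640 ouid=0 ogid=42 rdev=00:00
type=SYSCALL msg=audit(1194597001.500:457): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=0 items=2 ppid=1200 pid=1235 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="ls" exe="/bin/ls" key="user_commands"
type=EXECVE msg=audit(1194597001.500:457): argc=2 a0="ls" a1="-la"
type=CWD msg=audit(1194597001.500:457):  cwd="/home/alice"
type=PATH msg=audit(1194597001.500:457): item=0 name="/bin/ls" inode=2222 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
EOF
}

# Read raw audit records on stdin and print one line per event:
#   <serial> key=<rule key> auid=<login uid> exe=<binary> target=<file or argv>
# All records of one event share the serial in msg=audit(SECONDS.MS:SERIAL).
summarize_audit() {
  awk '
  function field(k,   v) {          # value of " k=..." in the current record
    if (match($0, " " k "=[^ ]+")) {
      v = substr($0, RSTART + length(k) + 2, RLENGTH - length(k) - 2)
      gsub(/"/, "", v)
      return v
    }
    return ""
  }
  {
    if (!match($0, /msg=audit\([0-9.]+:[0-9]+\)/)) next
    id = substr($0, RSTART, RLENGTH); sub(/.*:/, "", id); sub(/\)/, "", id)
    if (!(id in seen)) { seen[id] = 1; order[++n] = id }
    if ($1 == "type=SYSCALL") {
      key[id] = field("key"); auid[id] = field("auid"); exe[id] = field("exe")
    } else if ($1 == "type=PATH" && field("item") == "0") {
      name[id] = field("name")      # item 0 is the path handed to the syscall
    } else if ($1 == "type=EXECVE") {
      args = ""
      for (i = 1; i <= NF; i++) if ($i ~ /^a[0-9]+=/) {
        v = $i; sub(/^a[0-9]+=/, "", v); gsub(/"/, "", v)
        args = args (args == "" ? "" : " ") v
      }
      cmd[id] = args
    }
  }
  END {
    for (i = 1; i <= n; i++) {
      id = order[i]
      printf "%s key=%s auid=%s exe=%s target=%s\n", id, key[id], auid[id], exe[id], (cmd[id] != "" ? cmd[id] : name[id])
    }
  }'
}

# Stand-alone run: print the policy, then the summary of the sample log.
audit_rules
sample_audit_log | summarize_audit
```

On a real host the same summary comes from `ausearch -k shadow_access` or `-k user_commands`; the awk version is here to make the record layout visible. Note that auid (the login uid) survives su/sudo, which is why the rules key on it rather than on uid when the question is "which user ran this".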
Re: [logs] How to log - commands and file access Nov 09 2007 07:38PM
Vincent Bernat (bernat luffy cx)
Re: [logs] How to log - commands and file access Nov 09 2007 07:10PM
Stephen John Smoogen (smooge gmail com)
Copyright 2010, SecurityFocus