Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
1
vote
0 answers

How do I audit file permissions changes over CIFS?

I have a few Windows file servers but am slowly changing to FreeNAS/ZFS boxes, which are working much better; however, I can't figure out how to audit when people change permissions to critical folders. On Windows I enable object-level auditing via…
Guldan
1
vote
0 answers

Server 2008 R2 & Auditing

Having an issue with auditing a network for logins. I am looking for Event 4740 but the logs are not showing them. Not on the local machines either. I have verified that Account Management Auditing has been enabled and is set to Success And…
JukEboX
1
vote
1 answer

When does augenrules run automatically on CentOS 7.1?

I need to update /etc/audit/audit.rules. I would replace the file and restart the service, but I found in the log a call to augenrules during initial startup of the machine. Apart from the initial startup, is there any time when augenrules runs…
David Resnick
1
vote
0 answers

Windows Server 2008 R2 - Failed login auditing

I am having an issue with configuring auditing on the server in order to catch failed and successful network logins. This morning we found one of our test machines with a strange login on the locked screen. Definitely not a user that exists on our…
1
vote
0 answers

Best practices / settings to create "Read-Only" Admin role for auditors and similar

I am trying very diligently to remove as many over-privileged accounts/roles in our Active Directory and Windows (server and desktop) environment. This means retiring as many users as possible from Local Admin and Domain admin roles. (This…
dave_the_dev
1
vote
1 answer

Windows Logs - Is any event logged when a user overwrites files? (Win Server 2012 R2)

Is any event logged when a user/process overwrites files? (Win Server 2012 R2)
hogarth45
1
vote
1 answer

389DS Access.log parsing - turning LDAP request type into an audit event

Has anyone authored code to parse a 389 Directory Server's access.log file with an aim of generating audit events based around the LDAP request type? Basically, take the log sequence [21/Apr/2007:11:39:51 -0700] conn=11 fd=608 slot=608 connection…
BurnA
1
vote
1 answer

AWS Firewall Configuration Review

We had a situation where an incorrect AWS firewall rule buried in our configuration was causing some headaches. After a few days we found the rule and fixed it. Does anyone know of a good way to audit Amazon AWS firewall configurations to better…
EagleEye208
1
vote
0 answers

What are the advantages and disadvantages of auditing mailboxes in Exchange Server?

I want to know the pros and the cons of enabling this feature in our Exchange Server 2010. Primarily we would like to start off with a few mailboxes first. I am aware that the login logos will require some storage space.
sir nur
1
vote
1 answer

Strange SECCOMP entries for sshd in audit log

I'm seeing strange entries for sshd in my audit logs along the lines of: type=SECCOMP audit(1433519794.902:46): auid=20003 uid=22 gid=22 ses=21 pid=25136 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000003 syscall=102 compat=0 ip=0xb76c8aac…
Robert
1
vote
1 answer

Audit what version of Remote Desktop users are using

We're trying to find out if there's any specific way to audit what version of Remote Desktop users are connecting with to a terminal server. You can find the version number manually by right clicking on the mstsc.exe bar at the top and selecting…
1
vote
4 answers

How to get Microsoft license authentication for all machines on a network?

We have a small network (~150 desktops, ~20 servers) much of which is Linux. MS keeps wanting to audit our MS products every 3 years or so. I really don't have time to go around to 80-90 desktops and copy down the Win activation keys and then…
1
vote
0 answers

Event 4656 even though handle manipulation auditing is disabled

Windows Server 2012R2: auditpol /set /subcategory:"Handle Manipulation" /Success:Disabled /Failure:Disabled. Still getting events 4656 "A handle to an object was requested." Any ideas?
userfault
1
vote
1 answer

Simple Printer Audit Script

I'm working on Windows Server 2008 R2 and I want to create a simple script to audit the printing carried out in the company. I would like these details to be audited in a text file in a share and for the script to be run after someone sends…
1
vote
1 answer

MySQL logging activity from specific user or IP

I have a MySQL server. The server is accessed by my application, and by an external auditor (a person using MySQL Workbench). The auditor has a specific user and password and a dedicated IP, and it is granted only for select privileges. I need to log the…
darko petreski