Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
1
vote
1 answer

Auditing events 4656 and 4658 on Windows folder on Server 2008

During an overnight system state backup we are seeing thousands of success audit events (4656, 4658) on the folder c:\windows\servicing, system32 and others in the windows folder. We use file success auditing on some files so I can't disable it but…
PCurd
1
vote
0 answers

Exchange Admin Audit log

I was looking at the admin audit logs today and found it very useful. But it doesn't include the source computer launching the commands. As an example, I have the EMC on my computer modifying some distribution list on Exchange which is a different…
Alex
1
vote
2 answers

Replay the logs created by script?

In our RedHat server, we have enabled user session logging using script and it's logging the user sessions. But I can't find scriptreplay to play the logs recorded. How to read/play the logs?
nitins
1
vote
1 answer

Dynamics CRM 2011 On-Premise & Security Certifications (ISO 27001, SAS70, etc)

I'm unclear on how to properly word our security status. The data center our hosted IFD CRM instance is running on has not paid for these audits. However, the Microsoft literature suggests that CRM Online (which is hosted on MS servers) has these…
Eric
1
vote
3 answers

How to see when what processes have accessed certain files

There is a directory on our server where we manually copy files to, and then some magical procedure runs at night to process these files and rename them. This was set up before I got here, and I can't seem to find where this mysterious process is…
Brandon Moore
1
vote
1 answer

How can I see which applications have accessed a certain file within a given time period on Linux?

Is it possible on Linux to find out which applications have accessed a certain file in the last 24 hours? I've come up with a few possible solutions: Watch lsof. It works, but it's constrained to watch's granularity. inotify sounds good... but no…
Nikolaidis Fotis
1
vote
1 answer

What does sysprep do on Win2k8 with /audit?

Windows 2008 R2 host running Hyper-V. I meant to run "sysprep /audit /reboot" on one of the virtual machines, but ended up running that on the host (doing this through 2 layers of RDP - bad idea). The server was one of two domain controllers, but…
1
vote
2 answers

CentOS - Percona MySQL - Not Reading /etc/my.cnf

I've compiled Percona 5.5 on my CentOS 6.1 server and it starts fine, however it doesn't appear to be reading my /etc/my.cnf file. # In /etc/my.cnf character_set_server = utf8 collation_server = utf8_general_ci mysql> show variables like…
Mike Purcell
1
vote
4 answers

sendmail sending mail to recipients I don’t know of; possible spam host

Recently I did an audit of my machine with logwatch and found out that my machine sends around 582 mails every day. STATISTICS ---------- Messages To Recipients: 582 Addressed Recipients: 582 Bytes Transferred: 444985 Messages No…
Quintin Par
1
vote
1 answer

Audit folder permissions on a windows server

I have a number of servers in the corporate domain that seem to randomly lose ACL permissions to the TEMP folders (c:\temp, c:\windows\temp and any temp folder defined in the environment variables). Instead of the normal permissions (administrators…
V. Romanov
1
vote
2 answers

Want to find cause of recurring failed SQL Server 2005 login attempts

I've been noticing recurring failed logon attempts onto our SQL server. It happens every minute with the same login. An example from the log file viewer 10/18/2011 13:54:50,Logon,Unknown,Login failed for user 'LOLZOR\lolsqlserver'. [CLIENT: ] …
Datapimp23
1
vote
1 answer

Is there a way to pam_tty_audit on Linux OpenVZ containers?

Looks like pam_tty_audit in Linux (http://www.slashzero.com/2009/11/shell-session-logging/) could have been a great way to help figure out "what happened!" when one gets rooted. I say "could have been" because the rootkits do clean logs and kill…
Aleksandr Levchuk
1
vote
3 answers

DML Auditing ("Who did inserts?")

Does an out-of-the-box newly created database (in SQL Server 2008) keep any DML audit records, such as: User 'George' did an insert on table 'Alpha' on 6/20/2011 User 'Fred' did a delete on table 'Beta' on 6/21/2011 If yes, how do I access that…
Brent Arias
1
vote
1 answer

What does "Invalid AVC allowed in current policy" mean?

I was looking into my selinux alert logfile and running over multiple entries labeled **** Invalid AVC allowed in current policy *** I understand that this signals a problem (on read or getattr etc.) and I see which processes cause it, but what I…
hakre
1
vote
1 answer

Auditing user behavior in a small organization to prepare IT restructuring

My company will be working on restructuring/rethinking the whole IT infrastructure for a small company (about 25 employees). A part of this is a migration to Google Apps for email, calendar, etc. That leaves many other things to think about (file…
Andrei