Questions tagged [audit]

Observing/logging a resource for the purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
1
vote
0 answers

HashiCorp Vault User Audit Capability

We're seeking a solution to enable us to audit our HashiCorp Vault instance to obtain a namespace breakdown of: for each Vault user, the roles or groups that their entity belongs to. Having reviewed the Vault API explorer commands, it appears this is…
hitman126
  • 11
  • 1
1
vote
2 answers

shell / ssh / tty session logger

Good day to you. I know there are some variations of my question here, but they are a bit different, I assure you. We use terminal servers that our admins connect to and then establish SSH connections to other servers. We needed to audit their…
Dima Medvedev
  • 346
  • 1
  • 7
1
vote
1 answer

RHEL 8: Administrator vs. Auditor role

On RHEL 8, are there prepared functions, methods, processes or tools to implement administrator/operator and auditor roles in the following way: an administrator/operator should be able to do almost everything except modifying/deleting logs. An…
1
vote
0 answers

auditd killing a server?

In /var/log/kernellog we can see many entries for audit (since we have "space_left_action = SYSLOG" and "write_logs = no"): ... audit: audit_backlog=32769 > audit_backlog_limit=32768 audit: audit_lost=1 audit_rate_limit=0…
jim7475
  • 51
  • 2
1
vote
0 answers

stop kernel audit messages logged in syslog without disabling auditing

OS: CentOS 7. I am trying to figure out how audit (kaudit) events are logged in /var/log/messages. I have enabled audit=1 in grub, which means that when the server boots, kernel auditing is enabled. This is the desired state for the particular system and…
giomanda
  • 1,754
  • 4
  • 21
  • 30
1
vote
2 answers

Google Cloud - HIPAA Compliance - PgAudit vs IAM Audit Logs

Our infrastructure is hosted on Google Cloud and uses PostgreSQL instances via Cloud SQL. I need to configure logging for HIPAA compliance. I have read 2 articles from Google's…
1
vote
0 answers

Monitoring IPv6 connection via auditd

Some time ago I was interested in monitoring TCP/UDP connections with detailed information about the process that initiated the connection. I found a helpful article about that, Finding short-lived TCP connections owner process, so I executed: auditctl…
Bormental
  • 11
  • 1
1
vote
0 answers

What makes an SELinux-caused EACCES not be logged in audit

I've got a system with Samba running with the standard targeted policy for Fedora. At some point Samba is trying to access a directory tagged unconfined_u:object_r:unlabeled_t:s0 and fails. Through strace I can see: lstat("/data", 0x7ffcabcad570) = -1…
viraptor
  • 1,296
  • 6
  • 21
  • 41
1
vote
1 answer

Detecting Windows Physical Console Logon

I'm trying to find a way to detect a logon where someone is physically at the machine. I know you can do it with Type 2, but the issue is that events get logged when services make a logon request, such as when someone logs on through a service. One…
Jason
  • 3,931
  • 19
  • 66
  • 107
1
vote
1 answer

RHEL: Splitting auditd logs into multiple files for different rules

We have an audit.rules defined and things in rules.d. Many of these are for RHEL CIS compliance and others are more specific to Docker CIS compliance. One problem we are having is that certain rules (i.e. Docker file system rules) account for TBs…
JD D
  • 151
  • 5
1
vote
1 answer

Auditd not sending to remote central server

I'm setting up a central server using rsyslog and auditd on CentOS 8. I was following this guide on how to send remote audit logs to my central server. Note: instead of being in /etc/audisp/, these files can be found in /etc/audit/ instead. So I…
Gwynn
  • 13
  • 6
1
vote
1 answer

Auditpol gets reset after rebooting

I have created a script that deletes a file and updates some advanced auditing settings using auditpol. However, whenever the computer gets reset, those auditpol changes get reset as well. Is there any way of preventing this? What could cause that…
Dave
  • 61
  • 4
1
vote
0 answers

Does the McAfee MySQL audit plugin not work on Percona Server 5.7.27-30?

My environment is 5.7.27-30-log Percona Server on CentOS 7.4. When I installed this plugin (audit-plugin-percona-5.7-1.1.7-866), I got the following error messages: mysql> INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so'; ERROR 1123 (HY000): Can't…
kanpai
  • 11
  • 1
1
vote
1 answer

Check Active Directory GPO audit settings via PowerShell

I am trying to automate checking the audit settings on GPOs. In the GUI, to check one GPO, I'd open the Group Policy Management Console, expand Domains, the domain name, Group Policy Objects, select a GPO that I wanted to check, go to the Delegation…
user3271408
  • 175
  • 1
  • 5
  • 17
1
vote
1 answer

Protecting activity logs in Azure

I know that managing identity securely, providing least needed access, etc. are important, but another critical best practice is having audit logs which cannot be modified, deleted or disabled even by highly privileged users. How to ensure this in…