Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
0
votes
1 answer

Should Active Directory, Web Apps and MS-SQL all have the same users?

I am looking for a clean way to do audit trails in MS SQL Server, for compliance reasons, preferably completely on the database side without involving the web application. When talking about audit trails I mean a complete log of the changes to the…
0
votes
2 answers

View or open audit for the SharePoint Online site

I am trying to figure out how to view Audit logs for the SharePoint Online site. On our on-prem SharePoint 2013 farm, in the configure audit settings for a particular site collection, I have an audit option for opening or downloading documents, viewing…
0
votes
2 answers

How to audit folder permissions

Is there an easy way to list out the permissions granted to a folder (and sub folders) on a Windows 2003 server? I want to know which users/groups have what permissions for c:\myfolder and all the folders within it. Thanks
Chris Burgess
0
votes
2 answers

Auditing SSH sessions?

I'm looking for a way that I can record and audit SSH sessions for users on my server. I need to be able to know when a user executed a command, what command they executed, and also be able to follow them through logins into other accounts (if a…
lonewaft
0
votes
1 answer

Auditd Log all executions except some scripts

I configured my auditd to log all execve syscalls using these rules: -a exit,always -F arch=b32 -S execve -a exit,always -F arch=b64 -S execve While this perfectly captures all activity of any user on the system, obviously there is a lot of noise…
KlausB
0
votes
0 answers

File system audit doesn't work for folder creation in Windows 7

I wish to enable file system audit in Windows 7. Surprisingly, I've found that no audit events occur when folders are created. There are events for folder/file deletion, for file creation, but no events for folder creation. I've checked it for 2…
0
votes
1 answer

Using auditd and retaining log files for 6 months.

Disclaimer: I'm not an accredited nor very experienced sysadmin but have been tasked with some sysadmin responsibilities Task: Find a way to log all account management activities (e.g., account creation, modification, deletion, etc.) on an Ubuntu…
repr0
0
votes
1 answer

ausearch to filter audit logs to show only read, write, attribute changes in file

I want to filter audit logs for changes made to the /etc/hosts file using ausearch (audit). I can see multiple entries for a single modify action for the file in ausearch, like syscall=chmod, syscall=open etc. Please help me to understand the exact filter…
0
votes
1 answer

Enabling audit logging on GCP for VM creation

In Google Cloud Platform, is all audit logging enabled by default? I'm interested in Admin Activity logs (https://cloud.google.com/logging/docs/audit/#admin-activity), which "record when VM instances and App Engine applications are created" among…
0
votes
1 answer

How to stop syslog or auditd/audisp from adding host information to forwarded log files?

I have forwarded the auditd log files to the central log server, but the logs received at the central log server have extra information added to them which I don't want. Note (auditd and syslog are on the same server, where auditd forwards auditd log events to…
sherpaurgen
0
votes
2 answers

How to track and log file transfers between Production and Non-Production environments?

We have a security/compliance audit that we are preparing for and since we deal with financial institutions, one of the potential flags mentioned was how we track/monitor files that are transferred between our Production and Non-Production…
tresstylez
0
votes
2 answers

Log every file that a process accesses

I want to be able to take a process on a Linux machine and log every file that it opens, reads, or writes during a certain time window. For example, let's say that I suspect that Apache is using an incorrect file for some reason. How could I run the…
Chancelot
0
votes
1 answer

How to monitor success or failure of attempts to modify security settings or permissions in GAE?

In AWS I can use CloudTrail to monitor API calls that may impact IAM groups and roles. In Google App Engine, is there any similar offering like CloudTrail? In Google Cloud Platform, as far as I can see, the 'IAM & Admin' panel only allows…
Anthony Kong
0
votes
2 answers

Track folder for create/delete/move events and send a daily report

I'd like to track events such as create/delete/move for files and folders on a certain file server. This should work based on certain folders only (track folder x and nothing else). This is a Windows Server environment. Here is what I did so…
duenni
0
votes
1 answer

Keep Root Account Audit Trail

I am the owner of a company. I want to keep an audit trail of our Unix administrator who has root access to the CentOS system. How can I configure it such that the audit trail cannot be bypassed and erased even for the root user? Thanks in advance!