Questions tagged [audit]

Observing/logging a resource for purposes of: adding it to a blacklist or whitelist; keeping tabs on the security of a system.

325 questions
0 votes, 1 answer

Audit logging for OpenLDAP changes

How can I produce and examine an audit trail of changes made to an OpenLDAP database, such as which user was created when, by whom, when was it edited, what was edited etc?
0 votes, 0 answers

How to get info on failed authentication to domain - security audit?

Setup: 1 Windows Server 2012 box as Domain Controller, named DC1. 2 Windows Server 2012 R2 boxes, S1 and S2, on the same network, same config, joined to the domain. Issue: At random times, S1, S2 or both will not allow me to RDP on the boxes with a…
0 votes, 2 answers

How can I audit IP addresses of users logging into system?

I have a group of servers which use Kerberos for authentication. We distribute keytabs to users but want to ensure that a user never passes their keytab to someone else. Essentially we need to audit the IPs of users logging into our system. If the IP…
0 votes, 0 answers

Why is IP address sometimes missing from Security audit log Source Network address for log on audit failures?

Most of the time when someone who is not authorized attempts to log on to my Windows 2008 R2 web server, an IP address is displayed. With the IP address, I can easily block the external host from attempting to log on to my server by setting up a…
0 votes, 1 answer

Remote Desktop Connection Audit

My company recently fired someone. They said they are auditing that person's electronic activity. We all have Remote Desktop connections that we use to work from home. Do you know what level of information they can access on RDP activity? For…
0 votes, 2 answers

SSH pass original user to environment on server

First off, I do not know whether passing the information to the environment is the best approach, so I will start by detailing what I actually want to achieve. On a corporate scale, there are servers where a number of employees have individual shell…
Niko S P
0 votes, 0 answers

File Auditing in Cluster Shared Volumes

I'm trying to simply enable file auditing on a Windows share (2012 R2) on top of a cluster shared volume. But it doesn't behave as I expected it to behave. Here's the story: I enabled file auditing policy and confirmed that it was applied by RSOP.msc…
user2629636
0 votes, 2 answers

Configure account event auditing with Secedit

I'm currently putting together a number of PS scripts which can be run against a new webserver in order to harden it prior to it being placed in production. One of these scripts will launch secedit and import a policy I have defined. My query is…
JLPH
0 votes, 2 answers

Monitor root commands issued by users

I tried to log the commands issued by the system administrators in our organization and their output using sudo plus the log_output directive as follows in the visudo file Defaults env_reset Defaults …
0 votes, 1 answer

Replacing a super user by many finer grained users (security)

I find myself in the situation where I have a super user account that can basically do everything in the domain and is set to run scheduled tasks, Windows services and websites. I have inherited this situation (I understand this is very bad…
buckley
0 votes, 1 answer

Looking for VCS wrapper that tracks system files changing across the whole *nix OS and sends diffs through email

I need some software that looks after custom directories across the whole OS (i.e. /etc) and alerts me if someone edits a file inside. Additionally, this tool must automatically commit and push changes to a backup server, so I can easily…
nextus
0 votes, 1 answer

SQL Server Trace keeps outputting files

A consultant has come and gone to do some audit on our SQL server, and has left a bit of a mess here. The problem is that he did things that we don't know anything about. In the C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA…
thomasb
0 votes, 1 answer

Linux / Ubuntu fingerprinting command/method(s) to identify system wide differences in hardware / packages / configurations between 2 environments

I have 2 separate environments, and some strange behaviour occurring in one environment that is not in the other. Specifically the error is related to the PHP: Fatal error: Nesting level too deep - recursive dependency? This only occurs on AWS, but…
DanH
0 votes, 1 answer

Log Review Process

Currently I have a fairly large syslog-ng cluster setup that is my main log aggregation point. I have the need to be able to acknowledge certain logs and mark them as reviewed for auditing purposes, such as all failed sudo attempts. I can easily send…
Eric
0 votes, 1 answer

Integrity checking vs. audit

In the RHEL5 Security Guide, the use of AIDE for checking software integrity is recommended, and also the built-in RPM integrity checking functionality. But frequent checking can be resource demanding and rare checking might not be very useful. On the other hand,…
akalenuk