Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
6 votes, 1 answer

How to determine new file name from audit log on renaming?

[Windows 2008 R2 File System audit] When I delete the file, two event log audit messages appear: 4663, which means a request for file deletion, and 4660, which confirms the deletion. They can be joined by the attribute Handler. When I rename the file, two…
filimonic
6 votes, 3 answers

Auditctl - filtering out cron messages

I'm using auditctl and get a lot of logging events for crond. I do not wish to log any cron/crond events. node=127.0.0.1 type=CRED_DISP msg=audit(1405678801.149:5571): user pid=1757 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023…
Kiksy
6 votes, 3 answers

Is it possible to audit the Amazon AWS console?

We had a situation recently where an elastic IP address assigned to a production server mysteriously became disassociated from that server. We have had this same thing happen in the past to other (fortunately, non-production) servers. We have…
Brien Malone
6 votes, 2 answers

What does a standard tech audit include and what is a reasonable price for it?

I am a programmer, but the company I am working for has been growing and has outgrown the 2 man IT contractor team that has been servicing us. We are looking into several different solutions for our IT needs now (smallish company 30 computers, 3…
Ryan
6 votes, 4 answers

Penetration Testing - Trust and Hiring

When you hire someone or a business to come in, how can you be sure they won't have a rogue employee who will backdoor your systems? Is there a way you can trust anyone? How do big corporations do it? It seems that with so many possible openings the chance…
Tiffany Walker
5 votes, 1 answer

What's the difference between auid, uid, euid, suid, fsuid, obj_uid, gid, egid, sgid, fsgid, obj_gid in `auditctl`?

My server is CentOS 7.6 with auditd 2.8.5. In my audit rule, I set: -a always,exit -F arch=b32 -S adjtimex,settimeofday -F key=time-change But this rule also records normal ntpd activities, then I tried to revise this rule to: -a always,exit -F…
kittygirl
5 votes, 5 answers

How to find out what files an installer (rpm, deb) created?

I need to find out all the file system modifications an installer did. Most likely the installed package is an rpm or deb, but an app could of course be simply copied over or compiled and installed with the configure;make;make install way. Even…
Auditor Newbie
5 votes, 2 answers

How do I audit network connections that exceed a certain amount of traffic or bandwidth on Linux?

I've been looking after some Debian boxes and occasionally I see a big spike in the network traffic. I'm graphing metrics with Graphite (being fed by a Sensu check which gathers per-interface metrics every minute) and occasionally see this sort of…
growse
5 votes, 4 answers

Audit files on a Debian box

Is it possible to list every file on the system that does not belong to a package, or that has been modified? It might need to use something like apt-get, apt-files, dpkg-query, etc. For context, imagine inheriting an old server that can't be…
Craig Francis
5 votes, 2 answers

SELinux: denied { execute } for pid=2174 comm="httpd" path="/etc/httpd/lib/libaprutil-1.so.0.5.3"

I have a problem with SELinux. setroubleshoot suggested enabling mypol.pp with semodule -i mypol.pp so Apache could run. After I ran the suggested command, I keep getting: type=AVC msg=audit(1388119964.806:11): avc: denied { execute } for …
Orlo
5 votes, 2 answers

Unable to start auditd

I am on CentOS 5.8 (Final). I recently installed auditd via yum install audit; however, I am unable to start it. I edited the configuration file to give a verbose output of the error it is receiving in starting up, and this is the output: # service auditd…
George Reith
5 votes, 6 answers

Is there any Windows logger tool which would track file manipulation?

I want to be able to know who touched a file and when. My last question showed that I can't rely on NTFS.
Jader Dias
5 votes, 1 answer

Exchange security monitoring tools

I am trying to identify tools that can perform security monitoring of Exchange. Ideally, the tools should be able to pick up things like: permission changes for high-risk mailboxes; multiple connections to the same mailbox. Bonus points if it can be…
Konrads
5 votes, 2 answers

Is it worth running nessus as well as OpenVAS?

Apparently OpenVAS originated as a fork of Nessus. It is very easy to install and use OpenVAS because it's, well, open. However, am I kidding myself if I just use that instead of Nessus? Should I be using both, or if I use Nessus then is OpenVAS…
kdt
5 votes, 2 answers

How to detect Windows Server 2003/2008 Release (R1 or R2) programmatically?

I can easily pickup whether a server is Win2k3, 2k8, standard edition, enterprise edition, x86, x64, but I cannot find a way of determining if it's Release 1 or 2. HP Systems Insight Manager somehow manages it. Arghhh!
Simon Catlin