Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system
Questions tagged [audit]
325 questions
4
votes
2 answers
Is there any viable alternative to using Oracle Auditing
I am currently tasked with developing an action plan for monitoring DB activity, encompassing general actions (failed logons etc.) with some finer-grained monitoring (e.g. who selected from table x, what was the SQL statement etc.).
During the course of…

Dean
4
votes
3 answers
Tracking SQL Server 2008 Timeout Errors
We got some connection timeouts running a stored procedure in a SQL Server 2008 instance. After a while, the DB started to work as usual, and there weren't any additional timeout errors.
So I'm trying to get additional info about the error.
Does…

SDReyes
4
votes
3 answers
Decommissioning: how to list clients/applications depending on my SQL Server?
I have a SQL box that I want to decommission. Before doing so, I want to understand all the applications that may be relying on the machine, rather than just turning it off and hearing people scream.
What is the best way to do this?
I know I can…
Brent Serbus
4
votes
5 answers
How can root start a process that only root can kill?
It is easy to start a process in the background or make it a systemd service.
However, if I want to start a process that monitors activities on the Linux machine, it becomes the target of attacks. If any user wants to do something bad it will first…

George Y
4
votes
7 answers
Is it possible to retrieve system, software and license information from a fleet of Windows computers?
I would like to know the hardware and software information for a fleet of Windows PCs. That includes licenses that software is registered with. I would like the information to be in a simple text file. Is this possible?
Talc
3
votes
2 answers
Active Directory Audit of a User and all Services/Software attached
I have a user I need to audit. This single user is used by a bunch of services/software among other things to run. My job is to figure out everything that is tied to this user and then create new usernames in Active Directory so we can disable that…

Chuck Coggins III
3
votes
2 answers
Windows Server File Share Audit File Attribute Modification
My goal is to identify what user has set the Hidden attribute on a file within the local file share.
I have enabled File Share access auditing as per this article. In short: Added a group policy entry to enable certain accesses to be written to…

Tony Sepia
3
votes
2 answers
Can't enable Event Log
Hi, I have a Windows 2012 Server and would like to do some event logging.
But when I go to the event logger I am unable to Enable Logging for the desired events. (I'm logged in as the Administrator account)
Everything is greyed out, the Log path is…

Gilles Lesire
3
votes
2 answers
Owner/administrator doesn't have permissions to change audit settings
I want to enable file auditing on a shared network drive specifically in order to track who creates and deletes files (in the event of a catastrophe). Somehow I don't have permission to change or view the directory's auditing settings, despite…

Eliza Bennet
3
votes
1 answer
file change auditing (especially for web.configs)
We occasionally have configurations in web.config(s) being changed by the IT team on live production servers. I would like to create an audit trail, e.g., "On October 11 the property "foo" in file "bar" was changed to "banana".
My first thought was…

mhenry1384
3
votes
2 answers
Command line tool for listing audit policy settings
I'm trying to find a command line way to get security settings from Local Security Policy. Specifically Security Settings > Local Policies > Audit Policy. A list of the policy and the current security setting. Ability to see if policy is editable or…

StackWolf
3
votes
0 answers
Enforcing audit settings for all subfolders and files on NTFS
On Windows 7 I would like to enforce auditing on all subfolders and files for a specific local folder, by using the included Windows auditing features. When a user moves a file from the same NTFS volume into the folder that has auditing configured,…

René
3
votes
0 answers
security audit flags redhat/centos package version numbers despite patches
Redhat has this policy of backporting security fixes.
But then when RHEL and CentOS sites get audited, the auditors invariably just list the package versions or ask ssh what its version number is, and then they fail you because you appear to be…

DigitalRoss
3
votes
1 answer
Sending auditd records to my audispd plugin
After setting auditctl's rules, I want to send those matched records to my Python script for further analysis.
These are the involved files:
auditd records:
type=PATH msg=audit(1451011319.268:533): ...
type=CWD msg=audit(1451011319.268:533): …

Matt Elson
3
votes
1 answer
How to log execution of a specific binary/script using auditd or other
I have the following situation in hand. I have one or more specific executable files in /usr/bin, I will call one /usr/bin/execute, and they may either be a compiled binary or a script file, such as a Perl or Python script.
I would like to log…

Rboreal_Frippery