Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system
Questions tagged [audit]
325 questions
3 votes, 0 answers
New Server 2012 R2 Essentials generating Audit Failure Event 4625 Null SID Logon Attempts
I am researching a failed login issue that is triggering our monitoring software.
Researching the issue, the only other information I could find that was exactly what I was seeing, was on here: Event 4625 Audit Failure NULL SID failed network…

Paul
- 31
- 3
3 votes, 3 answers
How to audit file and folder deletes on Windows Server 2008 R2
I need to enable auditing of delete actions on a specific network shared folder (and all its children) on a Windows Server 2008 R2 machine. The closest I could find was this article -…

Neville
- 133
- 1
- 1
- 5
3 votes, 1 answer
How do you audit cloud servers?
So we have a decent number of cloud servers that are on Rackspace (numerous) accounts. I'm looking for a solution to the - What's on that server? Where is that server? How do I get to that server?
I know I could whip out a nice spreadsheet of…

Valien
- 193
- 2
- 8
3 votes, 1 answer
Reporting tools for auditd
I need to set up auditing in my environment, specifically file integrity monitoring. I've tried OSSEC, but found it cumbersome. I've since discovered auditd (already installed on my CentOS 6 system) and found it to be a simple but powerful…

Banjer
- 3,974
- 12
- 41
- 47
3 votes, 3 answers
Logging when limit Exceeds
Is there a log file that logs information when the values set in /etc/security/limits.conf are exceeded?
If the values are too tight in the above file, the clients using the website hosted on the server see errors such as [FATAL] failed to allocate…

Stormvirux
- 133
- 5
3 votes, 9 answers
Background, Security & Credit Checks for Domain Admins
As of this week, all Domain Admins in the organisation have had to submit to background and credit checks in order to maintain these rights, and quite possibly continuation of employment (after all, what use is a Domain Admin to an organisation…

Izzy
- 8,224
- 2
- 31
- 35
3 votes, 2 answers
Tracking local user accounts for security audit
I would like to compile a list of local user accounts from all servers on the network. This would include domain and non-domain W2K3 machines. A script to run net user and pipe the results to a file? Any help is appreciated. Thx
Jeff
3 votes, 1 answer
central log-server with auditdisp
I want to set up a central log-server. The log-server is running with Debian 6.0.6 and the audit daemon is installed in version 1.7.13-1.
The Clients are running with Red Hat 5.5 and they connect to the log-server via audispd. The connection works…

johan
- 31
- 1
3 votes, 1 answer
Changing pam.d/system_auth?
I'm trying to change pam.d/system_auth to help with password complexity as required by an audit.
I'm not familiar with PAM, but the system_auth file says
This file is auto generated
User changes will be destroyed the next time authconfig is…

Evan
- 177
- 2
- 8
3 votes, 6 answers
How to find out which files are read from a folder
I have an installation of a very large Windows program, and I want to understand which files are actually read while I install the program, with my specific setup.
Is there a way to monitor this and get a list of files which were read?
I looked at…
gala
3 votes, 1 answer
linux audit - exclude a process that updates the time
I have set my auditd rules to log when the system time is changed.
However, our servers are VMs and thus have problems with the time drifting out. We needed to solve this issue so we used a VMware tool to regularly synchronize the time.
My problem…

user185704
- 55
- 7
3 votes, 1 answer
How do I check whether an administrator has viewed the security audit log?
A colleague and I have been discussing an IS audit demo on Windows.
One point we'd like to cover is that an administrative/high-privilege user should view the security log within X hours of a failure event. Something as follows
Read the ID of a…

Everyone
- 249
- 2
- 4
- 9
3 votes, 1 answer
Possible to forward logs for Microsoft products
This may be a duplicate, as I'm fishing for information, as I'm not that au fait with logging on Windows. I know on Unix you can ship syslogs via the relay and RFC 5424. I also know you forward Windows event logs with event subscription within a…

scope_creep
- 207
- 2
- 7
3 votes, 1 answer
Possible to audit newly added Exchange 2007 ActiveSync devices?
We have a client who would like to be notified when a new ActiveSync device is added. My thoughts are that this is not possible but I would like to confirm.

cjones26
- 276
- 1
- 6
- 18
3 votes, 2 answers
How do you check that servers/PCs are not infected
Simple question. Developers' PCs have to have free access to network, including servers etc., and they have to have administrative access to perform work effectively.
However developers also use a lot of non-Microsoft tools which are available as…

Coder
- 367
- 1
- 2
- 9