Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system
Questions tagged [audit]
325 questions
3 votes
1 answer
Is Exchange protected from/allow back dated emails?
Does Exchange Server adequately protect against backdating items in a mailbox folder? I want to determine from an auditing perspective what level of risk exists/what trust can be put into Exchange database records.
Is there a (mis)feature that…

David
3 votes
2 answers
How do I figure out what is changing the userWorkstations attribute in Active Directory?
I just took over the IT for a medium-sized business with three domain controllers (2003/2008 Standard) and whenever I create a new user, after some time the user account cannot log into most machines on the network. I have traced this back to the…

Martin
3 votes
3 answers
Why is it good to have website content files on a separate drive other than system (OS) drive?
I am wondering what benefits moving all website content files from the default inetpub directory (C:) to something like D:\wwwroot will give me. By default IIS creates a separate application pool for each website and I am using the built-in user and…

Jeffrey
3 votes
0 answers
Why are Docker permission errors not logged by SELinux?
If you try to bind mount a directory into a container under Red Hat you might have problems with SELinux. The directory will be unreadable from inside the container unless you add a z/Z volume option.
But what I don't understand is why I can't see…

x-yuri
3 votes
2 answers
Add detailed authentication + logging to PIX 515E
I have a PIX 515E running PIX OS 6.3 w/ 64MB RAM, 3 ethernet interfaces, only 2 in use. I am using it as an internet gateway for ~100 devices, daily peak of about 6 Mbps (megabits per second) inbound, about 10%-20% of that value outbound. It works…

user32996
3 votes
0 answers
Configuring Solaris audit to include the username in its events
I need to configure audit logging in Solaris but I have a problem. There are two SunOS servers which were configured before. When I started analysing logs I found out that in Solaris 10 I can see the name of the user who logs in/logs out but in Solaris 11…

agatt
2 votes
0 answers
Auditd how to exclude everything
I am trying to exclude everything but the things I want in Auditd; however, the things I've tried seem to log a lot more details, the majority of which are irrelevant.
-a never,exclude -F msgtype=CWD
-a never,exclude -F msgtype=USER_ACCT
-a never,exclude -F…

Tbuermann
2 votes
1 answer
Auditing permission changes in Exchange
What's the best way to confirm to an auditor that a change made to any permission in Exchange was actually made by a legitimate admin with an approved change ticket?
We were recently asked to implement Manage Engine's "Exchange Reporter Plus" and to…

Keith
2 votes
1 answer
Exchange 2016: How to audit mailbox user access to get their IP?
I have a mailbox user (Exchange 2016) who believes that his mailbox was hacked.
So I want to audit the access to his mailbox.
I enabled audit via Set-Mailbox -Identity "Ben Smith" -AuditEnabled $true
But it seems that via ECP I just can check which…

fips123
2 votes
0 answers
Auditd - log all ssh sessions
We have about a thousand servers / virtual machines, and currently keeping track of who did what where isn't easy. And to make it worse, clients have access to their own machines and often don't know themselves who may have done what with their…

Ulrar
2 votes
0 answers
Windows registry subkey creation not generating logs (Windows event ID 4657)
I am experiencing an issue where I am trying to audit a specific registry key via Windows Event ID 4657.
TL;DR: I have tried to set up auditing on a registry key when a new subkey is created under it, but it does not log when this action is…

Cilo
2 votes
3 answers
Password change audit on Solaris
Is it possible for the Solaris audit sub system to log all password resets for local Solaris accounts?
I can't find anything in Oracle's docs, or through general googling, so I'm curious whether this can be done, or if this is a technical…

user3246693
2 votes
1 answer
Best practice for SQL Server - setting up auditing for actions on a busy website
I have a very busy website. Users can create many types of content, which can then be voted up/down, reported as offensive, enabled/disabled by admins, etc, etc. I want to enable auditing of all actions that are performed on the site.
The database…

David Conlisk
2 votes
1 answer
Overwritten auditd rules in PCI DSS environment
I'm setting up a PCI DSS environment and I'm facing the following problem. When installing the OS (CentOS 7.3 Minimal) I've chosen the profile "PCI DSS".
When I was checking the rules applied on /etc/audit/audit.rules there was an enormous number of…

Abel
2 votes
1 answer
Exchange 2013 Mailbox Audit Logging only works with OWA, not changes in Outlook
So I have enabled MailboxAuditLogging for the administrator mailbox and another testuser. If I make changes in OWA the events are recorded in the audit logs. But any changes that are made in Outlook (for example folder deletion / creation) will not…

Paul