Highest Voted 'audit' Questions - Server Fault Stack Exchange

2

votes

2 answers

how to remove file auditing rules via Powershell?

here's a script to turn on an audit rule: $path = 'C:\...\*' $ACL = new-object System.Security.AccessControl.FileSecurity $AccessRule = new-object…

asked Jun 19 '09 at 20:35

Jordan W.

1,423
1
13
20

2

votes

2 answers

Determine when a Domain Controller was promoted

On Windows Server 2003 standard is there a way to determine when a domain controller was promoted? This is for an Active Directory 2000 functional domain. The event logs don't go back far enough.

windows-server-2003 active-directory domain audit

asked Jun 16 '11 at 17:01

PaulWaldman

508
5
14

2

votes

1 answer

Windows 2008 Audit - Acess Request Information

I'm auditing some folders in a Windows 2008 R2 server and I have a "Success Audit" entry in the Security Event Log with the following "Access Request Information": Access Request Information: Accesses: %%1537 …

windows-server-2008 audit

asked Jun 03 '11 at 14:16

Norba

57
4
11

2

votes

5 answers

Export a list of installed features on a Windows 2008 server

I have been asked to specify the features which are installed on a production web server so a replica test environment can be created. I could point and click my way to the solution but I am curious as to how this could be done through a script.…

windows-server-2008 powershell wmi audit

asked Feb 15 '11 at 13:28

Keith Bloom

257
2
4
10

2

votes

2 answers

Best practice ACLs to prepare for auditors?

An auditor will be visiting our office soon, and they will require read-only access to our data. I have already created a domain user account and placed them into a group called "Auditors". We have a single fileserver (Windows Server 2008) with…

windows-server-2008 ntfs access-control-list best-practices audit

asked Jan 15 '11 at 20:59

Nic

13,425
17
61
104

2

votes

3 answers

Tools to monitor users activity on Linux/Unix servers

Is there any specific open source tool which can be used to monitor what users are doing on linux system. I have multiple servers and with access to some users on them. I want to monitor which user ran which commands at what time. I want it to be…

linux security audit

asked Dec 26 '10 at 10:44

Ramesh Kumar

1,770
5
19
29

2

votes

2 answers

Tracking who installed Software on server

Am I correct, that if a program is installed on a Server and shows up in the 'Add Remove/Program programs', then it must have been installed when a user has logged onto the server either at the physical console, or using RDP and not when a user has…

windows-server-2003 windows-event-log audit

asked Aug 25 '10 at 15:02

sgmoore

652
5
10

2

votes

1 answer

Tracking which computer printed a document on Windows 2003 domain

Currently, when a user prints a document there is an Event ID 10 recorded in our event log. We have mostly XP Clients on a Win2003 domian. However, I cannot tell which computer this user printed a document from. How can I track which computer a user…

windows-server-2003 windows-event-log audit print-server

asked May 14 '10 at 15:33

testguy

2

votes

2 answers

See what time a user logged into a windows box

From a Windows XP command line, how do I get the time I logged into and/or out of the current machine? I'm looking for something like the UNIX last command which lists active and previous login sessions. Thanks, John

windows-xp command-line-interface login audit

asked May 12 '10 at 20:16

John in MD

221
2
9

2

votes

3 answers

How to read the transaction log for SQL Server 2008

I'd like to know whether there is any way of browsing/searching the SQL Server transaction logs (any version). We've previously used tools such as Lumigent Log Explorer against SQL Server 2000 which fulfilled our need, but the product no longer…

sql-server audit transaction-log

asked Feb 12 '10 at 17:07

MartW

1,305
10
15

2

votes

1 answer

"aureport -x --summary" shows -> /usr/sbin/sshd;61b30d72 (deleted)

On one of the machines running Centos i.e. cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) i found something strange by the command aureport -x --summary aureport -x --summary Executable Summary…

linux centos audit

asked Dec 31 '21 at 13:39

Tito

143
1
8

2

votes

4 answers

Checking the configuration of two systems to determine changes

We are standing up a replicant data center at work and need to ensure that the new data center is configured (nearly) identically to the original. The new data center will be differently addressed and named than the original and will have differing…

configuration audit

asked Jan 30 '10 at 16:45

None

2

votes

1 answer

CentOS doesn't boot with "A stop job is running for Security Auditing Service" message

CentOS prints the following during boot [ *** ] A stop job is running for Security Auditing Service (9s / 1min 30s) and then switches into the single user mode.

linux centos centos7 audit auditd

asked Aug 05 '21 at 16:09

McLayn

61
1
7

2

votes

1 answer

Linux audit files(data=)

type=TTY msg=audit(08/12/2020 02:33:30.163:107) : tty pid=2709 uid=e4ws5 auid=root ses=1 major=4 minor=1 comm=sh data="/bin/bash -i", Can anyone tell me how in this audit.log there is a field name called data= which contains the commands that…

linux log-files audit

asked Nov 08 '20 at 23:14

Vexer

23
2

2

votes

1 answer

Comparing two Linux servers for any differences

I tried to find a similar post, but couldn't. Apologies if this is a duplicate. We have a number of RHEL6 servers hosting different applications. Over time, these servers have had some tweaks to system parameters such as tcp_fin_timeout,…

linux redhat audit

asked Jul 30 '20 at 09:47

suchafunkymonkey

121
2

Questions tagged [audit]