Disable System on Audit Log Full The auditd daemon can be configured to halt the system when the audit logs are full.

Keep All Auditing Information Normally, auditd will hold 4 logs of maximum log file size before deleting older log files.

Enable Auditing for Processes That Start Prior to auditd Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup.

Record Events That Modify Date and Time Information Capture events where the system date and/or time has been modified. The parameters in this section are set to determine if the adjtimex (tune kernel clock), settimeofday (set time, using timeval and timezone structures), stime (using seconds since 1/1/1970) or clock_settime (allows for the setting of several internal clocks and timers) system ca ...

Record Events That Modify User/Group Information Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on the remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribute changes (e.g. permissions) and tag them with t ...

Record Events That Modify the System's Network Environment Record changes to network environment files or system calls. The below parameters monitor the sethostname (set the system's host name) or setdomainname (set the system's domain name) system calls, and write an audit event on system call exit. The other parameters monitor the /etc/issue and /etc/issue.net files (messages displayed pre-login) ...

Record Events That Modify the System's Mandatory Access Controls Monitor SELinux mandatory access controls. The parameters below monitor any write access (potential addition, deletion or modification of files in the directory) or attribute changes to the /etc/selinux directory.

Collect Login and Logout Events Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed login events. The file /var/log/lastlog maintains records of the last time a user successfully logged in. The file /var/log/tallylog maintains records of failures via the pam_tally2 module.

Collect Session Initiation Information Monitor session initiation events. The parameters in this section track changes to the files associated with session events. The /var/run/utmp file tracks all currently logged in users. The /var/log/wtmp file tracks logins, logouts, shutdown and reboot events. All audit records will be tagged with the identifier "session." The file /var/log/btmp keep ...

Collect Discretionary Access Control Permission Modification Events Monitor changes to file permissions, attributes, ownership and group. The parameters in this section track changes for system calls that affect file permissions and attributes. The chmod, fchmod and fchmodat system calls affect the permissions associated with a file. The chown, fchown, fchownat and lchown system calls affect own ...
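As an added example (not part of this list and not CIS or auditd project code), the following Python check reads constructed auditd.conf and audit.rules samples and reports which of the controls above they satisfy. It assumes the controls are implemented with the standard auditctl rule syntax (`-a always,exit ... -S syscall` and `-w path -p wa`) and with the auditd.conf keys admin_space_left_action = halt (halt on full logs) and max_log_file_action = keep_logs (keep all logs); the file paths for passwd, group, shadow and gshadow are taken to be under /etc.

```python
import re
# Constructed sample auditd.conf (not from the page): logs rotate away, but the system halts when the disk is full.
AUDITD_CONF = """\
max_log_file_action = ROTATE
admin_space_left_action = halt
"""
# Constructed sample audit.rules (not from the page): time-change complete, logins and perm_mod incomplete.
AUDIT_RULES = """\
-a always,exit -F arch=b64 -S adjtimex,settimeofday -k time-change
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -F arch=b64 -S clock_settime -k time-change
-w /etc/selinux/ -p wa -k MAC-policy
-w /var/log/lastlog -p wa -k logins
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -k perm_mod
"""

def parse_conf(text):
    """auditd.conf key/value pairs with comments stripped; values lower-cased for comparison."""
    pairs = (line.split("#", 1)[0].split("=", 1) for line in text.splitlines())
    return {k.strip().lower(): v.strip().lower() for k, v in (p for p in pairs if len(p) == 2)}

def watched_paths(rules):
    """Targets of '-w <path>' file watches, trailing slash removed so /etc/selinux/ == /etc/selinux."""
    return {p.rstrip("/") for line in rules.splitlines() if line.startswith("-w")
            for p in re.findall(r"-w\s+(\S+)", line)}

def audited_syscalls(rules):
    """Every syscall named by -S (repeated or comma-separated) on an 'always,exit' rule, any arch."""
    calls = set()
    for line in rules.splitlines():
        if line.startswith("-a always,exit"):
            for group in re.findall(r"-S\s+(\S+)", line):
                calls.update(group.split(","))
    return calls

def check_controls(conf_text, rules_text):
    """One True/False per control listed above, judged from auditd.conf and audit.rules text."""
    conf, paths = parse_conf(conf_text), watched_paths(rules_text)
    calls, watched = audited_syscalls(rules_text), (lambda *p: all(x in paths for x in p))
    return {
        "halt_on_log_full": conf.get("admin_space_left_action") == "halt",
        "keep_all_logs": conf.get("max_log_file_action") == "keep_logs",
        "time_change": {"adjtimex", "settimeofday", "stime", "clock_settime"} <= calls,
        "identity": watched("/etc/group", "/etc/passwd", "/etc/shadow", "/etc/gshadow", "/etc/security/opasswd"),
        "network": {"sethostname", "setdomainname"} <= calls and watched("/etc/issue", "/etc/issue.net"),
        "mac_policy": watched("/etc/selinux"),
        "logins": watched("/var/log/faillog", "/var/log/lastlog", "/var/log/tallylog"),
        "session": watched("/var/run/utmp", "/var/log/wtmp", "/var/log/btmp"),
        "perm_mod": {"chmod", "fchmod", "fchmodat", "chown", "fchown", "fchownat", "lchown"} <= calls,
    }
```

Run against real files with `check_controls(open("/etc/audit/auditd.conf").read(), open("/etc/audit/audit.rules").read())`; a False entry points at the control whose rules or setting is missing.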

