[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 24437 Download | Alert*

Collect Unsuccessful Unauthorized Access Attempts to Files "Monitor for unsuccessful attempts to access files. The parameters below are associated with system calls that control creation (creat), opening (open, openat) and truncation (truncate, ftruncate) of files. An audit log record will only be written if the user is a non- privileged user (auid > = 500), is not a Daemon event (auid=4294967295 ...

Collect Successful File System Mounts Monitor the use of the mount system call. The mount (and umount) system call controls the mounting and unmounting of file systems. The parameters below configure the system to create an audit record when the mount system call is used by a non-privileged user

Collect File Deletion Events by User "Monitor the use of system calls associated with the deletion or renaming of files and file attributes. This configuration statement sets up monitoring for the unlink (remove a file), unlinkat (remove a file attribute), rename (rename a file) and renameat (rename a file attribute) system calls and tags them with the identifier ""delete""."

Collect Changes to System Administration Scope (sudoers) "Monitor scope changes for system administrations. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written to when the file or its attributes have cha ...

Collect System Administrator Actions (sudolog) Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command is executed, an audit event will be triggered as the / ...

Collect Kernel Module Loading and Unloading "Monitor the loading and unloading of kernel modules. The programs insmod (install a kernel module), rmmod (remove a kernel module), and modprobe (a more sophisticated program to load and unload modules, as well as some other features) control loading and unloading of modules. The init_module (load a module) and delete_module (delete a module) system ca ...

Make the Audit Configuration Immutable "Set system audit so that audit rules cannot be modified with auditctl. Setting the flag ""-e 2"" forces audit to be put in immutable mode. Audit changes can only be made on system reboot."

Accept Remote rsyslog Messages Only on Designated Log Hosts By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on the specified TCP port.

Disable Prelink The prelinking feature changes binaries in an attempt to decrease their startup time.

Ensure NIS is not installed The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files.

Pages:      Start    2    3    4    5    6    7    8    9    10    11    12    13    14    15    ..   2443

© SecPod Technologies