[Forgot Password]
Login  Register Subscribe

24544

 
 

132176

 
 

121593

 
 

909

 
 

100139

 
 

148

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 24544 Download | Alert*

Record Events that Modify the System's Discretionary Access Controls - lsetxattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a al ...

Record Events that Modify the System's Discretionary Access Controls - removexattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a ...

Record Events that Modify the System's Discretionary Access Controls - setxattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a alw ...

Record Attempts to Alter Logon and Logout Events The audit system already collects login info for all users and root. To watch for attempted manual edits of files involved in storing logon events, add the following to '/etc/audit/audit.rules': '-w /var/log/faillog -p wa -k logins -w /var/log/lastlog -p wa -k logins'

Record Attempts to Alter Process and Session Initiation Information The audit system already collects process information for all users and root. To watch for attempted manual edits of files involved in storing such process information, add the following to '/etc/audit/audit.rules': -w /var/run/utmp -p wa -k session -w /var/log/btmp -p wa -k session -w /var/log/wtmp -p wa -k session

Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) At a minimum the audit system should collect unauthorized file accesses for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following lines to a file with suffix '.rules' in the directory '/etc/audit/rules.d': -a alwa ...

Ensure auditd Collects Information on the Use of Privileged Commands At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid / setgid programs, run the following command for each local partition

Ensure auditd Collects Information on Exporting to Media (successful) At a minimum the audit system should collect media exportation events for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d', setting ARCH to ...

Ensure auditd Collects System Administrator Actions At a minimum the audit system should collect administrator actions for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-w /etc/sudoers -p wa -k actions' If ...

Make the auditd Configuration Immutable Add the following to '/etc/audit/audit.rules' in order to make the configuration immutable: '-e 2' With this setting, a reboot will be required to change any audit rules.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2454

© SecPod Technologies