[Forgot Password]
Login  Register Subscribe

24547

 
 

132803

 
 

127844

 
 

909

 
 

105823

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 24547 Download | Alert*

Record Events that Modify the System's Discretionary Access Controls - lchown At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a alway ...

Record Events that Modify the System's Discretionary Access Controls - lremovexattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a ...

Record Events that Modify the System's Discretionary Access Controls - lsetxattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a al ...

Record Events that Modify the System's Discretionary Access Controls - removexattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a ...

Record Events that Modify the System's Discretionary Access Controls - setxattr At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a alw ...

Record Attempts to Alter Logon and Logout Events The audit system already collects login info for all users and root. To watch for attempted manual edits of files involved in storing logon events, add the following to '/etc/audit/audit.rules': '-w /var/log/faillog -p wa -k logins -w /var/log/lastlog -p wa -k logins'

Record Attempts to Alter Process and Session Initiation Information The audit system already collects process information for all users and root. To watch for attempted manual edits of files involved in storing such process information, add the following to '/etc/audit/audit.rules': -w /var/run/utmp -p wa -k session -w /var/log/btmp -p wa -k session -w /var/log/wtmp -p wa -k session

Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) At a minimum the audit system should collect unauthorized file accesses for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following lines to a file with suffix '.rules' in the directory '/etc/audit/rules.d': -a alwa ...

Ensure auditd Collects Information on the Use of Privileged Commands At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid / setgid programs, run the following command for each local partition

Ensure auditd Collects Information on Exporting to Media (successful) At a minimum the audit system should collect media exportation events for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d', setting ARCH to ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2454

© SecPod Technologies