LinuxQuestions.org
Old 12-10-2007, 12:50 PM   #1
jallen21
LQ Newbie
 
Registered: Dec 2007
Posts: 2

Rep: Reputation: 0
Auditing Question


Hey all, my first post, so forgive me if I am in the wrong area. Well, here it goes...

I am trying to understand how I should audit various users, directories and files.

For example, I would like to audit all the things that a super-user would do (i.e. all opens, closes and commands). However, for other users I would like to be more selective. Moreover, I would only care when these users move to various directories. I was thinking about using the ext3 journaling system but cannot find good documentation. Please point to good documentation if anyone knows.

If there are any other suggestions I would be happy to entertain those.


Sincerely,

Josef
 
Old 12-10-2007, 01:38 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,984
Blog Entries: 54

Rep: Reputation: 2742
Hello and welcome to LQ, hope you like it here. Fortunately you've posted in the right place. If you didn't, it wouldn't be a problem either: anyone can report a post or thread (see the report button) to suggest a move to a subforum that's better suited. That said, are there any specific reasons for wanting a full audit trail like that? If any, what access restrictions and auditing measures are already in place?
 
Old 12-11-2007, 09:19 AM   #3
jallen21
LQ Newbie
 
Registered: Dec 2007
Posts: 2

Original Poster
Rep: Reputation: 0
I am trying to get a DCID 6/3 PL3 System correctly audited and I thought that the best way to audit the privileged users (we call them maintainers) would be to understand what actual files they would actually touch and place those files in a directory only accessible by them and a sys admin. Hence, to audit them I do not know what other resource is at my disposal other than ext3.

Your comments.

Sincerely,

Josef
 
Old 12-11-2007, 11:56 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,984
Blog Entries: 54

Rep: Reputation: 2742
IIGC those specs include DAC, controlled data storage and distribution, file labelling, end to end file encryption and auditing. So. If it runs GNU/Linux and the system conforms to that kind of specs shouldn't Auditd and SELinux auditing be in place already? (Which should help you achieve what you want to audit.)
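
An added example, not written by any poster in this thread: a shell function that prints auditd rules for the two cases raised above, namely everything done with root privileges and, for selected users, only access under one directory. The directory `/srv/maintainers`, the login UIDs 1001 and 1002, the key names and an x86_64 host are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print auditd rules for the two cases discussed in the thread.
# Usage: gen_audit_rules DIR LOGIN_UID [LOGIN_UID...]
# DIR and the UIDs are site-specific; the values used at the bottom are constructed.
gen_audit_rules() {
    dir=$1
    shift
    case $dir in
        /*) ;;
        *) echo "directory must be an absolute path: $dir" >&2; return 1 ;;
    esac

    echo "## Privileged activity: commands and file opens with effective UID 0."
    echo "## Each record also carries auid, the login UID, which survives su and sudo."
    for arch in b64 b32; do
        echo "-a always,exit -F arch=$arch -S execve -F euid=0 -k priv-exec"
        # The open rules are high volume; x86_64 syscall names are assumed.
        echo "-a always,exit -F arch=$arch -S open -S openat -F euid=0 -k priv-open"
    done

    echo "## Selected users: only read/write/execute/attribute access under $dir"
    for uid in "$@"; do
        case $uid in
            ''|*[!0-9]*) echo "skipping non-numeric uid: $uid" >&2; continue ;;
        esac
        echo "-a always,exit -F dir=$dir -F perm=rwxa -F auid=$uid -k watched-dir"
    done
}

# Constructed sample values: a maintainer directory and two login UIDs.
gen_audit_rules /srv/maintainers 1001 1002
```

The output can be saved as an auditd rules file and loaded with `auditctl -R`; afterwards `ausearch -k priv-exec` and `ausearch -k watched-dir` pull the matching records.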