Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Hey all, my first post, so forgive me if I am in the wrong area. Well, here it goes...
I am trying to understand how I should audit various users, directories and files.
For example, I would like to audit all the things that a super-user would do (i.e. all opens, closes and commands). However, for other users I would like to be more selective. Moreover, I would only care when these users move to various directories. I was thinking about using the ext3 journaling system but cannot find good documentation. Please point to good documentation if anyone knows of any.
If there are any other suggestions I would be happy to entertain those.
Hello and welcome to LQ, hope you like it here. Fortunately you've posted in the right place. If you hadn't, it wouldn't be a problem either: anyone can report a post or thread (see the report button) to suggest a move to a subforum that's better suited. That said, are there any specific reasons for wanting a full audit trail like that? If any, what access restrictions and auditing measures are already in place?
I am trying to get a DCID 6/3 PL3 system correctly audited and I thought that the best way to audit the privileged users (we call them maintainers) would be to understand what actual files they would touch and place those files in a directory only accessible by them and a sys admin. Hence, to audit them I do not know what other resource is at my disposal other than ext3.
IIGC those specs include DAC, controlled data storage and distribution, file labelling, end to end file encryption and auditing. So. If it runs GNU/Linux and the system conforms to that kind of specs shouldn't Auditd and SELinux auditing be in place already? (Which should help you achieve what you want to audit)
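As an added illustration of the auditd approach suggested above (example code, not posted by anyone in this thread), the script below generates an auditd rule set that gives the super-user a full trail of commands and file opens/closes while recording only directory changes for selected users and accesses to the maintainers' directories, and parses a constructed audit.log excerpt the way `ausearch -k` would. The paths, UIDs and key names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): auditd rules for the split the question
# asks for. Assumptions: maintainers' files live under /srv/maint, the selectively
# audited users have auid 1001 and 1002, and the rule keys are ours.

# Emit a rule set suitable for /etc/audit/rules.d/maintainers.rules.
#   $1      comma-separated login UIDs (auid) of the selectively audited users
#   $2...   directories whose contents are watched for every access
audit_rules() {
  uids=$1; shift
  echo "-D"        # drop existing rules before loading these
  echo "-b 8192"   # larger backlog so bursts of events are not lost
  echo "-f 1"      # on audit failure, log and continue rather than panic
  # Full trail for the super-user: every command run and every file opened/closed.
  # euid=0 also catches commands run via sudo; auid still records who logged in.
  # On x86_64 add matching arch=b32 rules if 32-bit binaries are in use.
  echo "-a always,exit -F arch=b64 -S execve -F euid=0 -k root_cmds"
  echo "-a always,exit -F arch=b64 -S open,openat,close -F euid=0 -k root_files"
  # Selected users: record only directory changes, nothing else.
  for u in $(printf '%s' "$uids" | tr ',' ' '); do
    echo "-a always,exit -F arch=b64 -S chdir,fchdir -F auid=$u -k user_chdir"
  done
  # Watches fire on any read/write/execute/attribute change under these paths.
  for d in "$@"; do
    echo "-w $d -p rwxa -k maint_dir"
  done
  echo "-e 2"      # make the rules immutable until the next reboot
}

# Constructed audit.log excerpt (not real data) to exercise the helpers below.
SAMPLE_LOG='type=SYSCALL msg=audit(1700000000.100:11): arch=c000003e syscall=80 success=yes exit=0 auid=1001 uid=1001 euid=1001 comm="bash" exe="/usr/bin/bash" key="user_chdir"
type=SYSCALL msg=audit(1700000000.200:12): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=0 euid=0 comm="vi" exe="/usr/bin/vi" key="root_cmds"
type=SYSCALL msg=audit(1700000000.300:13): arch=c000003e syscall=80 success=yes exit=0 auid=1002 uid=1002 euid=1002 comm="bash" exe="/usr/bin/bash" key="user_chdir"'

# Number of records tagged with a key, read from stdin (what ausearch -k lists).
count_key() { grep -c "key=\"$1\"" || true; }

# Distinct login UIDs behind records with a key, space-separated.
users_for_key() {
  grep "key=\"$1\"" | sed -n 's/.* auid=\([0-9]*\) .*/\1/p' | sort -u | xargs
}
```

Run `audit_rules 1001,1002 /srv/maint > /etc/audit/rules.d/maintainers.rules` and load it with `augenrules --load`; the watches and `-e 2` lock mean changes need a reboot, so review the output before installing it.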