LinuxQuestions.org

-   -   Best way of System Logging and Auditing? (https://www.linuxquestions.org/questions/linux-security-4/best-way-of-system-logging-and-auditing-838979/)

pinga123 10-19-2010 02:20 AM

Best way of System Logging and Auditing?
 
As part of the server hardening process, I would like to know the best way of system logging and auditing.
The following points should be taken into consideration:

Logging of critical events
Logging access to critical accounts
Secure storage and availability of logs
Review of logs
Security of logs

pinga123 10-19-2010 03:52 AM

OS details (Linux machine):
Quote:

# lsb_release -a
LSB Version:

:core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: OracleVMserver
Description: Oracle VM server release 2.2.0
Release: 2.2.0
Codename: n/a

Quote:

# uname -a
Linux OFSMUW-VS-C2 2.6.18-128.2.1.4.9.el5xen #1 SMP Fri Oct 9 14:57:31 EDT 2009 i686 i686 i386 GNU/Linux

unSpawn 11-18-2010 05:53 AM

Quote:

Originally Posted by pinga123 (Post 4132172)
As part of server hardening process i would like to know the Best way of System Logging and Auditing.

Please note we have the Linux Security forum for security-related questions. Searching threads there for terms like "PCI DSS", "auditing" and "logging" will yield results.


Quote:

Originally Posted by pinga123 (Post 4132172)
Logging of critical events

In general we can say Linux does not do much logging out-of-the-box so the first "filter" to check is the facility / priority pairs in /etc/(r)syslog.conf.


Quote:

Originally Posted by pinga123 (Post 4132172)
Logging access to critical accounts

Your distribution uses PAM which logs account access by default.


Quote:

Originally Posted by pinga123 (Post 4132172)
Secure storage and availability of logs / Security of logs

Remote syslogging to a well-protected syslog host. See the rsyslog documentation.


Quote:

Originally Posted by pinga123 (Post 4132172)
Review of logs

Depends on system setup and requirements: somewhere between 'logwatch', a dedicated workstation running log analysis and reporting software, or Splunk.
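
Added example (not code from the thread or from any poster): a small Python review script that takes unSpawn's two points about PAM logging account access and reviewing logs, and runs them over constructed /var/log/secure lines in the format sshd, su and sudo write on an el5-era host. The set of critical accounts, the user names and the addresses are assumptions; the hostname is the one from the uname output above.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure lines (PAM/sshd/sudo formats); user
# names and addresses are made up for the example.
SAMPLE_SECURE_LOG = """\
Oct 19 02:10:01 OFSMUW-VS-C2 sshd[2231]: Accepted publickey for pinga123 from 10.0.0.5 port 51022 ssh2
Oct 19 02:10:01 OFSMUW-VS-C2 sshd[2231]: pam_unix(sshd:session): session opened for user pinga123 by (uid=0)
Oct 19 02:12:44 OFSMUW-VS-C2 su: pam_unix(su-l:session): session opened for user root by pinga123(uid=500)
Oct 19 02:15:09 OFSMUW-VS-C2 sshd[2299]: Failed password for root from 192.0.2.77 port 40011 ssh2
Oct 19 02:15:12 OFSMUW-VS-C2 sshd[2299]: Failed password for root from 192.0.2.77 port 40011 ssh2
Oct 19 02:16:30 OFSMUW-VS-C2 sshd[2305]: Accepted password for oracle from 10.0.0.9 port 51100 ssh2
Oct 19 02:20:00 OFSMUW-VS-C2 sudo: pinga123 : TTY=pts/0 ; PWD=/home/pinga123 ; USER=root ; COMMAND=/bin/bash
"""

# Assumption: which accounts the operator treats as critical on this host.
CRITICAL_ACCOUNTS = frozenset({"root", "oracle"})

# One pattern per kind of account-access event; 'source' is the remote address
# for sshd events and the invoking user for su/sudo events.
PATTERNS = {
    "ssh_accepted": re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<account>\S+) from (?P<source>\S+)"),
    "ssh_failed": re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<account>\S+) from (?P<source>\S+)"),
    "su_session": re.compile(r"pam_unix\(su[^:]*:session\): session opened for user (?P<account>\S+) by (?P<source>\S*)\(uid="),
    "sudo": re.compile(r"sudo:\s+(?P<source>\S+) : .*USER=(?P<account>\S+) ; COMMAND="),
}


def review_critical_access(log_text, critical=CRITICAL_ACCOUNTS):
    """Return (timestamp, kind, account, source) for every line touching a critical account."""
    events = []
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m and m.group("account") in critical:
                events.append((line[:15], kind, m.group("account"), m.group("source")))
                break  # one event kind per line
    return events


def summarize(events):
    """Count events per (account, kind) so the reviewer sees the shape at a glance."""
    return Counter((account, kind) for _, kind, account, _ in events)


if __name__ == "__main__":
    found = review_critical_access(SAMPLE_SECURE_LOG)
    for ts, kind, account, source in found:
        print(f"{ts}  {kind:<13} account={account:<7} source={source}")
    for (account, kind), n in sorted(summarize(found).items()):
        print(f"{account}/{kind}: {n}")
```

On a real host the same functions can be pointed at the files named in /etc/(r)syslog.conf for the auth and authpriv facilities, or at the copies collected on the remote syslog host.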

