unSpawn
11-18-2010 05:53 AM
Quote (Originally Posted by pinga123, Post 4132172):
    As part of the server hardening process I would like to know the best way of system logging and auditing.
Please note we have the Linux Security forum for security-related questions. Searching threads there for terms like "PCI DSS", "auditing" and "logging" will yield results.
Quote (Originally Posted by pinga123, Post 4132172):
    Logging of critical events
In general we can say Linux does not do much logging out-of-the-box, so the first "filter" to check is the facility / priority pairs in /etc/(r)syslog.conf.
Quote (Originally Posted by pinga123, Post 4132172):
    Logging access to critical accounts
Your distribution uses PAM which logs account access by default.
Quote (Originally Posted by pinga123, Post 4132172):
    Secure storage and availability of logs / Security of logs
Remote syslogging to a well-protected syslog host. See the rsyslog documentation.
Quote (Originally Posted by pinga123, Post 4132172):
    Review of logs
Depends on system setup and requirements: somewhere between 'logwatch', a dedicated workstation running log analysis and reporting software, or Splunk.
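To make the "first filter" concrete (the facility / priority selectors the reply points at, and why a PAM account-access event ends up in a different file from everything else), here is an added example that is not part of the post or of any rsyslog documentation: a small Python evaluator for legacy syslog.conf / rsyslog selector lines, run over a constructed configuration that resembles a stock one and over the same configuration with a remote forwarding rule added. The configuration, the sample events and the host name loghost.example.internal are all made up for the illustration.

```python
"""Evaluate classic syslog.conf / rsyslog selector lines against sample events.

Added example (not from the forum post above). The configuration and the
events are constructed; "loghost.example.internal" is a placeholder name.
Only the legacy "facility.priority  action" selector syntax is handled:
comma-separated facilities, ';'-separated selectors, '*', 'none' and the
'=' / '!' modifiers, following the sysklogd/rsyslog rules.
"""

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRIORITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]
FACILITY_ALIASES = {"security": "auth"}
ALLPRI = (1 << len(PRIORITIES)) - 1     # bit i set <=> PRIORITIES[i] is selected


def _pri_index(name):
    """emerg=0 ... debug=7; a lower index is a more severe message."""
    return PRIORITIES.index(PRIORITY_ALIASES.get(name, name))


def parse_rule(line):
    """Return ({facility: priority bitmask}, action) for one selector line."""
    selector, action = line.split(None, 1)
    masks = {f: 0 for f in FACILITIES}
    for sel in selector.split(";"):          # selectors apply left to right
        facs, _, pri = sel.rpartition(".")
        if not facs or not pri:
            raise ValueError("bad selector: %r" % sel)
        ignore = pri.startswith("!")         # '!' removes instead of adding
        pri = pri.lstrip("!")
        single = pri.startswith("=")         # '=' means exactly this priority
        pri = pri.lstrip("=")
        targets = FACILITIES if facs == "*" else [FACILITY_ALIASES.get(f, f) for f in facs.split(",")]
        for fac in targets:
            if fac not in masks:
                raise ValueError("unknown facility: %r" % fac)
            if pri == "none":
                masks[fac] = ALLPRI if ignore else 0
            elif pri == "*":
                masks[fac] = 0 if ignore else ALLPRI
            elif single:
                bit = 1 << _pri_index(pri)
                masks[fac] = masks[fac] & ~bit if ignore else masks[fac] | bit
            else:
                # a bare priority means this one and everything more severe
                bits = (1 << (_pri_index(pri) + 1)) - 1
                masks[fac] = masks[fac] & ~bits if ignore else masks[fac] | bits
    return masks, action.strip()


def parse_config(text):
    """Parse every non-blank, non-comment line into (masks, action) rules."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def route(rules, facility, priority):
    """Actions (files / remote hosts) that receive an event of this facility.priority."""
    bit = 1 << _pri_index(priority)
    facility = FACILITY_ALIASES.get(facility, facility)
    return [action for masks, action in rules if masks[facility] & bit]


# Constructed config resembling a stock rsyslog.conf; not taken from any real host.
DEFAULT_CONF = """
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                  /var/log/secure
kern.*                                      /var/log/kern.log
cron.*                                      /var/log/cron
"""

# Same, plus a copy of everything (debug included) to a protected central host
# over TCP ('@@'); the hostname is a placeholder.
HARDENED_CONF = DEFAULT_CONF + """
*.*                                         @@loghost.example.internal:514
"""

# Constructed events: (facility, priority, message text)
SAMPLE_EVENTS = [
    ("authpriv", "notice", "sshd[2112]: pam_unix(sshd:auth): authentication failure; user=root"),
    ("kern", "warning", "kernel: possible SYN flooding on port 22"),
    ("daemon", "debug", "myapp[411]: configuration reloaded"),
    ("cron", "info", "CROND[913]: (root) CMD (run-parts /etc/cron.hourly)"),
]


def report(conf_text, events=SAMPLE_EVENTS):
    """Map each sample message to the actions it would reach under conf_text."""
    rules = parse_config(conf_text)
    return {msg: route(rules, fac, pri) for fac, pri, msg in events}


if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print("== %s ==" % name)
        for msg, actions in report(conf).items():
            print("%-75s -> %s" % (msg[:75], actions or "DROPPED"))
```

Running it prints, per configuration, which file or remote host each event reaches. Two things it makes visible: `*.info` on the catch-all line silently drops debug-priority output, and `authpriv.none` on that same line is why account access (which PAM logs to the authpriv facility) shows up only in /var/log/secure. The `*.*` forwarding rule is what keeps a copy on the protected host when the local files are tampered with or lost.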