LinuxQuestions.org
Old 10-19-2010, 02:20 AM   #1
pinga123
Best way of System Logging and Auditing?


As part of the server hardening process I would like to know the best way of system logging and auditing.
The following points should be taken into consideration.

Logging of critical events
Logging access to critical accounts
Secure storage and availability of logs
Review of logs
Security of logs
 
Old 10-19-2010, 03:52 AM   #2
pinga123
OS DETAILS(Linux Machine).
Quote:
# lsb_release -a
LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: OracleVMserver
Description: Oracle VM server release 2.2.0
Release: 2.2.0
Codename: n/a

Quote:
# uname -a
Linux OFSMUW-VS-C2 2.6.18-128.2.1.4.9.el5xen #1 SMP Fri Oct 9 14:57:31 EDT 2009 i686 i686 i386 GNU/Linux
 
Old 11-18-2010, 05:53 AM   #3
unSpawn
Quote:
Originally Posted by pinga123
As part of the server hardening process I would like to know the best way of system logging and auditing.
Please note we have the Linux Security forum for security-related questions. Searching threads there for terms like "PCI DSS", "auditing" and "logging" will yield results.


Quote:
Originally Posted by pinga123
Logging of critical events
In general we can say Linux does not do much logging out-of-the-box so the first "filter" to check is the facility / priority pairs in /etc/(r)syslog.conf.


Quote:
Originally Posted by pinga123
Logging access to critical accounts
Your distribution uses PAM which logs account access by default.


Quote:
Originally Posted by pinga123
Secure storage and availability of logs / Security of logs
Remote syslogging to a well-protected syslog host. See the rsyslog documentation.


Quote:
Originally Posted by pinga123
Review of logs
Depends on systems setup and requirements, somewhere between 'logwatch', a dedicated workstation running log analysis and reporting software or Splunk.
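
An added example, not part of the thread: one way to run the facility/priority check and the remote-forwarding check from reply #3 against a legacy-format syslog.conf or rsyslog.conf. The sample configuration, the host loghost.example.net and the function names are constructed for illustration; rsyslog's RainerScript syntax and `!` priority negation are not handled.

```python
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample in legacy sysklogd/rsyslog selector syntax (not from the thread).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
kern.crit                                   @loghost.example.net
"""

def prio_matches(spec, prio):
    """True if selector priority `spec` admits a message of priority `prio`."""
    if spec == "*":
        return True
    name = ALIASES.get(spec.lstrip("="), spec.lstrip("="))
    if name not in PRIORITIES:   # "none", "!prio" and unknown names: no match
        return False
    want, got = PRIORITIES.index(name), PRIORITIES.index(prio)
    return got == want if spec.startswith("=") else got >= want

def destinations(conf_text, facility, prio):
    """Actions (files, @udp-host, @@tcp-host) that receive facility.prio."""
    hits = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0][0] in "#$":   # comments, $directives
            continue
        matched = False
        for sel in parts[0].split(";"):
            facs, _, spec = sel.rpartition(".")
            if {facility, "*"} & set(facs.split(",")):
                matched = prio_matches(spec.lower(), prio)   # later selector overrides
        if matched:
            hits.append(parts[1].strip())
    return hits

def audit(conf_text, required):
    """Map each required (facility, priority) pair to local/remote coverage."""
    report = {}
    for fac, prio in required:
        acts = destinations(conf_text, fac, prio)
        report[(fac, prio)] = {
            "local": any(a.lstrip("-").startswith("/") for a in acts),
            "remote": any(a.startswith("@") for a in acts),
        }
    return report
```

Calling `audit()` on the sample with `("authpriv", "info")` shows account-access messages reaching only the local file, which is the gap remote syslogging is meant to close.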
 
  

