Linux auditing in fedora, Selinux and auditd
Hi all, this is my first post here.
I am looking for the best way to audit linux, and decide what is in the audit and what's not. auditd itself looks a bit difficult to manage. Is there any set of commands or front-end to manage it? If not, do you know of a good manual for it? I have been looking for it but I only find man pages. I have read that selinux uses auditd. How can I manage auditd from selinux? Is there any tutorial or something that can help me get started? Again, all I can find are documents about linux security. Thanks to all.
I am looking for the best way to audit linux
Please define "best" wrt requirements etc, etc. If you don't know what you want/need have a look at for instance "Securing and Hardening Linux Production Systems" (wrt to SOX, SAS70): http://www.puschitz.com/SecuringLinux.shtml If you really meant to use SELinux, then please read up on it first and then ask more specific questions.
I work with RHL 3.0 boxes that have the auditd daemon running but not SElinux enabled.
Since I posted the question I found out that there is a set of tools (setools) to manage SElinux. But they don't work if SElinux is not enabled. Another option I came across was praudit, but it looks like a Solaris tool only. I will rephrase it: I am not looking for the best way. I am looking for the way to perform audit in Linux without SElinux. Thanks.
I have reduced my search. I need now help understanding audit and /etc/audit/filter.conf
Thanks.