LinuxQuestions.org
Old 03-08-2006, 10:56 AM   #1
geburah
LQ Newbie
 
Registered: Mar 2006
Posts: 13

Rep: Reputation: 0
Linux auditing in fedora, Selinux and auditd


Hi all, this is my first post here.

I am looking for the best way to audit linux, and decide what is in the audit and what's not. auditd itself looks a bit difficult to manage. Is there any set of commands or front-end to manage it?

If not, do you know of a good manual for it? I have been looking for it but I only find man pages.

I have read that selinux uses auditd. How can I manage auditd from selinux? Is there any tutorial or something that can help me get started? Again, all I can find are documents about linux security.

Thanks to all.
 
Old 03-12-2006, 08:32 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3608
Quote: I am looking for the best way to audit linux
Please define "best" wrt requirements etc, etc. If you don't know what you want/need, have a look at, for instance, "Securing and Hardening Linux Production Systems" (wrt SOX, SAS70): http://www.puschitz.com/SecuringLinux.shtml
If you really meant to use SELinux, then please read up on it first and then ask more specific questions.
 
Old 03-14-2006, 05:38 AM   #3
geburah
LQ Newbie
 
Registered: Mar 2006
Posts: 13

Original Poster
Rep: Reputation: 0
I work with RHL 3.0 boxes that have the auditd daemon running but not SELinux enabled.
Since I posted the question I found out that there is a set of tools (setools) to manage SELinux. But they don't work if SELinux is not enabled.

Another option I came across was praudit, but it looks like a Solaris tool only.

I will rephrase it: I am not looking for the best way. I am looking for the way to perform audit in Linux without SELinux.

Thanks.
 
Old 03-16-2006, 04:46 AM   #4
geburah
LQ Newbie
 
Registered: Mar 2006
Posts: 13

Original Poster
Rep: Reputation: 0
I have reduced my search. I now need help understanding audit and /etc/audit/filter.conf

Thanks.
 
  

