Security Basics mailing list archives
Linux auditd and Snare - events to look for
From: peenacolada69 () yahoo com
Date: Sat, 7 Apr 2012 23:43:44 GMT
I have some Linux servers. I have set up auditd and Snare on them, in order to capture security-related log entries occurring on these servers. (As a starting point, I am using Snare's pre-configured settings for Payment Card Industry, in order to quickly start capturing some security-related log entries). This generates > 100,000 log entries per day from each server. I will likely store most of these log entries, in case one day a forensic investigation needs to be performed. Now I need to find the "important" security-related events in these logs. The stuff I would want to know about sooner rather than later. Things like the auditing configuration being changed, a new user being added, software installation, etc. My question is, what log entries/text strings is everyone else out there searching for? I am looking for specifics. For example, when a user is added, what are those one or two relevant strings to search for out of the hundreds or thousands of log entries created? What are the strings you "grep" your Linux auditd/Snare logs for? (Not the syslogs; auditd has different info than the syslogs). TIA Ely ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Linux auditd and Snare - events to look for peenacolada69 (Apr 09)
- Re: Linux auditd and Snare - events to look for Champ Clark III (Apr 09)