Gavin Appleton is out of the office.
by Gavin Appleton
I will be out of the office starting 14/03/2011 and will not return until
21/03/2011.
On Paternity leave! If urgent please contact TST MF front shop on 52580.
13 years, 9 months
looking for help in coming up to speed with auditd
by larry.erdahl@usbank.com
I'm new to auditd, and have been assigned to come up with a "best practice"
standard for the deployment and audit settings for Linux servers using
auditd. Other than the man pages, does anyone have any suggestions for
"best practices", books or training courses that would help me get a
better understanding of auditd and its syntax?
Any help would be most appreciated, thanks...
Larry E. Erdahl
Information Security Services
Computer Security Incident Response Team (CSIRT)
1 Meridian Crossing
Richfield, MN 55423
Mail Code: EP-MN-MS6I
Office Phone: (612)973-7153
13 years, 9 months
auditd log files
by Brian Ross
I would like to know how I can read the auditd log files stored in /var/log/audit.d.
I have a problem where the auditd system seems to go haywire, fills the /var filesystem up to its maximum allowed 80% and then starts to try and delete the old log files but the /var filesystem keeps filling up, at which point it ceases execution and then I have SysEdge reporting a massive CPU load and the whole server locks up.
I believe the auditd system's behavior is symptomatic, rather than the cause of the problem. I note that the auditd log files are in some binary format. Is there a means to read them?
cheers
Brian Ross
Technical Consultant
ASG Group Limited
Level 1 / 267 St Georges Tce.
Perth, WA, 6000
Telephone +61 8 9420 5451
Mobile +61 0434 181 701
Facsimile +61 8 9420 5422
Brian.Ross(a)asggroup.com.au
http://www.asggroup.com.au/
13 years, 9 months