On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
Hello,
I normally don't put the word out about speeches I give, or things like
that. But I am going to be teaching a hands-on audit class to demonstrate
how to configure, set up rules, and do searching and reporting using the
native Linux audit tools.
The lab will be part of the Defence in Depth conference in Washington
(Tyson's Corner, VA) on Sept 1. It's free, you just have to register. More
info:
http://www.redhat.com/en/about/events/2015-defense-depth
I will be going over new features that aid insider threat detection and
signs of intrusion in addition to basics. Bring your questions and
problems, let's talk.
For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis; they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.
http://people.redhat.com/sgrubb/files/lab.tar.gz
I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.
Thanks,
-Steve