Re: Auditing in old versions of Linux
What kind of auditing and/or lock downs do you use at DSS?
On 03/30/2010 12:58 PM, Woodie, Paul E, CIV, DSS wrote:
> There is an audit package called Snare, which would make possible
> auditing on previous versions of linux. It worked well. Unfortunately,
> that also required (usually) modified versions of the kernel. Perhaps
> you can find some of those components. I have not used Snare in quite a
> while.
>
>
> Paul Woodie, CISSP, IAM
>
> -----Original Message-----
> From: linux-audit-bounces(a)redhat.com
> [mailto:linux-audit-bounces@redhat.com] On Behalf Of
> linux-audit-request(a)redhat.com
> Sent: Tuesday, March 30, 2010 12:00 PM
> To: linux-audit(a)redhat.com
> Subject: Linux-audit Digest, Vol 66, Issue 12
> Importance: Low
>
> Send Linux-audit mailing list submissions to
> linux-audit(a)redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.redhat.com/mailman/listinfo/linux-audit
> or, via email, send a message with subject or body 'help' to
> linux-audit-request(a)redhat.com
>
> You can reach the person managing the list at
> linux-audit-owner(a)redhat.com
>
> When replying, please edit your Subject line so it is more specific than
> "Re: Contents of Linux-audit digest..."
>
>
> Today's Topics:
>
> 1. Auditing in old versions of Linux (Mario Chancay)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 30 Mar 2010 08:32:35 -0700 (PDT)
> From: Mario Chancay<mario.chancay(a)yahoo.com>
> To: linux-audit(a)redhat.com
> Subject: Auditing in old versions of Linux
> Message-ID:<27921.42909.qm@web45214.mail.sp1.yahoo.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Due to technical and budget constrains, we are not yet able to migrate
> some old linux boxes to the latest versions but need to configure
> auditing under the following platforms :
>
> - Red Hat Linux Enterprise AS 3.4, 3.5, 3.6
> - Red Hat Linux 4.x
>
> Need advice to confirm if auditing is possible under this versions and
> also the recommended procedure to install/setup as I understand that the
> auditd package depends on the kernel version.
>
> Regards
>
> Mario
>
>
>
>