5:19 p.m.
Hello,
I normally don't put the word out about speeches I give, or things like that.
But I am going to be teaching a hands-on audit class to demonstrate how to
configure, setup rules, and do searching and reporting using the native linux
audit tools.
The lab will be part of the Defence in Depth conference in Washington (Tyson's
Cormers, VA) on Sept 1. Its free, you just have to register. More info:
http://www.redhat.com/en/about/events/2015-defense-depth
I will be going over new features that aids insider threat detection and signs
of intrusion in addition to basics. Bring your questions and problems, let's
talk.
-Steve
12:03 p.m.
Hi Steve,
Any chance that your presentation would get recorded for later viewing
by those of us who have no budget for travel at the end of the fiscal year?
Best regards,
Gary Smith
On 07/15/2015 03:22 PM, Steve Grubb wrote:
Hello,
I normally don't put the word out about speeches I give, or things like that.
But I am going to be teaching a hands-on audit class to demonstrate how to
configure, setup rules, and do searching and reporting using the native linux
audit tools.
The lab will be part of the Defence in Depth conference in Washington (Tyson's
Cormers, VA) on Sept 1. Its free, you just have to register. More info:
http://www.redhat.com/en/about/events/2015-defense-depth
I will be going over new features that aids insider threat detection and signs
of intrusion in addition to basics. Bring your questions and problems, let's
talk.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
1:12 p.m.
On Thursday, July 16, 2015 05:03:26 PM Smith, Gary R wrote:
Any chance that your presentation would get recorded for later
viewing
by those of us who have no budget for travel at the end of the fiscal year?
This presentation will not be recorded. Slides will be available. I might do
something separately from this conference so that there's something people can
watch. But I expect the lab to be interactive where people can say, "We have
these requirements, what would be the best way to do it?" And sometimes,
there isn't a best way and I take notes to look into it more deeply.
-Steve
On 07/15/2015 03:22 PM, Steve Grubb wrote:
> Hello,
>
> I normally don't put the word out about speeches I give, or things like
> that. But I am going to be teaching a hands-on audit class to demonstrate
> how to configure, setup rules, and do searching and reporting using the
> native linux audit tools.
>
> The lab will be part of the Defence in Depth conference in Washington
> (Tyson's Cormers, VA) on Sept 1. Its free, you just have to register.
> More info:
>
> http://www.redhat.com/en/about/events/2015-defense-depth
>
> I will be going over new features that aids insider threat detection and
> signs of intrusion in addition to basics. Bring your questions and
> problems, let's talk.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit(a)redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
5:39 p.m.
Steve,
The agenda infers that to attend a lab, you must bring a wifi-capable
laptop with an SSH client installed.
Is this a requirement for your lab or just the Applied SCAP Lab?
Regards
On Thu, 2015-07-16 at 14:12 -0400, Steve Grubb wrote:
On Thursday, July 16, 2015 05:03:26 PM Smith, Gary R wrote:
> Any chance that your presentation would get recorded for later viewing
> by those of us who have no budget for travel at the end of the fiscal year?
This presentation will not be recorded. Slides will be available. I might do
something separately from this conference so that there's something people can
watch. But I expect the lab to be interactive where people can say, "We have
these requirements, what would be the best way to do it?" And sometimes,
there isn't a best way and I take notes to look into it more deeply.
-Steve
> On 07/15/2015 03:22 PM, Steve Grubb wrote:
> > Hello,
> >
> > I normally don't put the word out about speeches I give, or things like
> > that. But I am going to be teaching a hands-on audit class to demonstrate
> > how to configure, setup rules, and do searching and reporting using the
> > native linux audit tools.
> >
> > The lab will be part of the Defence in Depth conference in Washington
> > (Tyson's Cormers, VA) on Sept 1. Its free, you just have to register.
> > More info:
> >
> > http://www.redhat.com/en/about/events/2015-defense-depth
> >
> > I will be going over new features that aids insider threat detection and
> > signs of intrusion in addition to basics. Bring your questions and
> > problems, let's talk.
> >
> > -Steve
> >
> > --
> > Linux-audit mailing list
> > Linux-audit(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
8:35 a.m.
On Saturday, July 25, 2015 08:39:22 AM Burn Alting wrote:
Steve,
The agenda infers that to attend a lab, you must bring a wifi-capable
laptop with an SSH client installed.
Is this a requirement for your lab or just the Applied SCAP Lab?
Its not my requirement. However, since it will be about Linux auditing and
people are requested to have a laptop with a linux image available, ssh client
should be there. Again, no plans for ssh right now.
-Steve
On Thu, 2015-07-16 at 14:12 -0400, Steve Grubb wrote:
> On Thursday, July 16, 2015 05:03:26 PM Smith, Gary R wrote:
> > Any chance that your presentation would get recorded for later viewing
> > by those of us who have no budget for travel at the end of the fiscal
> > year?
>
> This presentation will not be recorded. Slides will be available. I might
> do something separately from this conference so that there's something
> people can watch. But I expect the lab to be interactive where people can
> say, "We have these requirements, what would be the best way to do it?"
> And sometimes, there isn't a best way and I take notes to look into it
> more deeply.
>
> -Steve
>
> > On 07/15/2015 03:22 PM, Steve Grubb wrote:
> > > Hello,
> > >
> > > I normally don't put the word out about speeches I give, or things
> > > like
> > > that. But I am going to be teaching a hands-on audit class to
> > > demonstrate
> > > how to configure, setup rules, and do searching and reporting using
> > > the
> > > native linux audit tools.
> > >
> > > The lab will be part of the Defence in Depth conference in Washington
> > > (Tyson's Cormers, VA) on Sept 1. Its free, you just have to register.
> > > More info:
> > >
> > > http://www.redhat.com/en/about/events/2015-defense-depth
> > >
> > > I will be going over new features that aids insider threat detection
> > > and
> > > signs of intrusion in addition to basics. Bring your questions and
> > > problems, let's talk.
> > >
> > > -Steve
> > >
> > > --
> > > Linux-audit mailing list
> > > Linux-audit(a)redhat.com
> > > https://www.redhat.com/mailman/listinfo/linux-audit
>
> --
> Linux-audit mailing list
> Linux-audit(a)redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
9:15 a.m.
On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
Hello,
I normally don't put the word out about speeches I give, or things like
that. But I am going to be teaching a hands-on audit class to demonstrate
how to configure, setup rules, and do searching and reporting using the
native linux audit tools.
The lab will be part of the Defence in Depth conference in Washington
(Tyson's Cormers, VA) on Sept 1. Its free, you just have to register. More
info:
http://www.redhat.com/en/about/events/2015-defense-depth
I will be going over new features that aids insider threat detection and
signs of intrusion in addition to basics. Bring your questions and
problems, let's talk.
For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis, they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.
http://people.redhat.com/sgrubb/files/lab.tar.gz
I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.
Thanks,
-Steve
3400
days inactive
3447
days old
linux-audit@lists.linux-audit.osci.io
5 comments
3 participants
participants (3)
-
Burn Alting -
Smith, Gary R -
Steve Grubb