All Questions
51 questions
0 votes, 0 answers, 234 views
AuditD understanding exit,always,exclude,never
I see these 4 (exit, always, exclude, and never) commonly used in many different combinations like below:
-a exit,always
-a exit,never
-a exclude,always
-a exclude,never
I'm trying to understand what ...
0 votes, 0 answers, 46 views
AuditD - tuning out parent and children
I'm reading over the AuditD readmes and I see how you can use filters, but is there a way that you can tune out a parent and any activity it creates, along with its child processes?
For example, I ...
2 votes, 1 answer, 404 views
Enabling command hashing in tcsh
It seems command hashing is disabled by default in our tcsh environment, and I'm not permitted to get it enabled across the board. Instead I'm looking to enable command hashing within individual ...
1 vote, 1 answer, 125 views
Force tcsh to check whether a command exists in the path before attempting to execute it
I've noticed that tcsh, regardless of whether the "-f" flag is passed on the shebang line, will iterate through $PATH and try to execute the command from each path until the command is found. ...
1 vote, 2 answers, 990 views
Linux: How to find the id of a user who ran some particular command using sudo [duplicate]
In a shared environment where multiple users have sudo accounts, I want to find out the underlying user id (not the sudo account) of whoever invoked a particular script. Thanks.
I tried below but it does ...
0 votes, 3 answers, 1k views
In Linux how to find if a file was read and at what time
Is there a tool or command where we can see if a file was read and at what time? I could only find last modified.
-1 votes, 1 answer, 109 views
How to make Linux installation verifiable/auditable?
A major goal of open source is being able to audit/verify the software you run. But the moment we use that software hosted by a third party we need to trust them.
If I ran an OSS service on a Linux ...
0 votes, 1 answer, 697 views
Parse audit log commands as a complete command with arguments
I have audit logs that look as follows:
type=CWD msg=audit(1613110144.560:260397): cwd="/"
type=PATH msg=audit(1613110144.560:260397): item=0 name="/usr/bin/sed" inode=393388 dev=...
0 votes, 1 answer, 57 views
SUSE LINUX 11 - Being Able To Collect User Information (Audit)
I added the following lines to the /etc/audit/audit.rules file and restarted the machine:
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/...
0 votes, 1 answer, 1k views
Cannot log permission denied errors using auditctl [closed]
I am trying to create an auditctl rule for the following situation:
There is a file created by root, owned by root, and with chmod 700, so no user other than root can read or write to it.
When I then try ...
8 votes, 1 answer, 8k views
Why do I get a warning for the sudoers.d when doing an audit with Lynis?
I stumbled upon Lynis - a security auditing tool for Linux - and ran it on my Raspberry Pi to see if I could harden it a bit more. I got one warning in the Authentication group that confuses me.
- ...
1 vote, 1 answer, 481 views
Perform special action on bash timeout
This question is related only to bash, no ssh or any other tool.
I would like to detect a bash timeout, and only a timeout: I am NOT interested in any other exit conditions (exit, EOF, ^D, or ...
0 votes, 1 answer, 105 views
How to interpret /var/log output
I have trouble interpreting the following output from /var/log. Both lines show the same result but with different dates? What does this mean?
Currently doing an audit to ensure that the directories are ...
1 vote, 0 answers, 1k views
Continuously monitoring network connections
I am looking for a network monitoring tool that can monitor all open network connections in real time and whose output is easy to parse. What I want to achieve is auditing all in/out network ...
0 votes, 1 answer, 423 views
How to extract only a few records from audit.log
How to Extract audit.log
While starting the auditd service in Linux it records all executed commands as expected, but in addition it records the background processes too (the commands which are not executed ...