Auditing Privileged Accounts

Malicious activity, both internal and external, can exploit privileged accounts in multiple ways. Attackers using privileged accounts can bypass controls, cover the tracks of an attack, improperly access confidential data, install malware, and make changes that impact system and data security. Proper auditing of privileged accounts can help uncover inappropriate use and also provides part of the checks and balances required for compliance with IT security standards like PCI and HIPAA.

Enterprise-grade Unix and Linux distributions provide similar auditing capabilities through Linux Audit, AIX Audit, Solaris Audit, BSD Security Event Auditing, etc. Linux Audit provides:
  • File and directory watches
  • Tracking of system calls
  • User command recording
  • Security event recording
  • Integration with iptables/ebtables to monitor network events
  • Searching for events
  • Detail and summary reporting
But do you know if you're using all of these capabilities, and whether auditing is actually working? In this on-demand webinar, we'll discuss key auditing utilities including:
  • auditctl: Controls the audit system; shows status and adds/deletes audit rules.
  • ausearch: Searches audit logs for events based on various search criteria.
  • aureport: Generates summary reports of audit logs.
We'll also take a close look at some actual audit log entries and discuss the type of information found in each. View this on-demand webinar to learn why auditing is a cornerstone of good, balanced system security.
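As an added example that is not part of the webinar material: a small Python parser for the kind of audit log entries discussed above. It correlates SYSCALL, EXECVE and PATH records by event serial (the way ausearch groups them) and reports actions a login user (auid) performed with root privileges (euid=0). The log lines and the rule keys privileged_cmd and sudoers_watch are constructed for illustration, not taken from a real system.

```python
import re
from collections import defaultdict

# Constructed sample records in native audit.log format (not from a real system); records of
# one event share the serial in msg=audit(<time>:<serial>), which is how ausearch correlates them.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:4021): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=3100 pid=3111 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="privileged_cmd"
type=EXECVE msg=audit(1700000000.123:4021): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1700000005.456:4022): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=3100 pid=3115 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="sudoers_watch"
type=PATH msg=audit(1700000005.456:4022): item=0 name="/etc/sudoers" inode=1234 mode=0100440 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000010.789:4023): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=2000 pid=2010 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=4 comm="ls" exe="/usr/bin/ls" key=(null)
"""
HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = 4294967295  # auid reported when no login session is attached (daemons, boot)

def parse_record(line):
    """Split one record into type, timestamp, event serial and its key=value fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    return {**fields, "type": rtype, "time": float(ts), "serial": int(serial)}

def group_events(text):
    """Correlate records into events keyed by serial."""
    events = defaultdict(list)
    for rec in filter(None, map(parse_record, text.splitlines())):
        events[rec["serial"]].append(rec)
    return events

def privileged_events(text):
    """Events in which a login user (auid) acted with root privileges (euid=0)."""
    findings = []
    for serial, recs in sorted(group_events(text).items()):
        sysc = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if sysc is None:
            continue
        auid, euid = int(sysc.get("auid", UNSET_AUID)), int(sysc.get("euid", -1))
        if euid != 0 or auid == UNSET_AUID:
            continue  # unprivileged, or not attributable to a login session
        argv = [r[f"a{i}"] for r in recs if r["type"] == "EXECVE" for i in range(int(r["argc"]))]
        paths = [r["name"] for r in recs if r["type"] == "PATH"]
        findings.append({"serial": serial, "auid": auid, "exe": sysc.get("exe"),
                         "argv": argv, "paths": paths, "key": sysc.get("key")})
    return findings
```

The auid is the field that survives su and sudo, so it is the one to attribute privileged actions to; a per-auid count over the findings gives the same view as an aureport summary.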