
Malicious activity, both internal and external, can exploit privileged accounts in multiple ways. Attackers using privileged accounts can bypass controls, cover the tracks of an attack, improperly access confidential data, install malware, and make changes that impact system and data security.
Proper auditing of privileged accounts can help uncover inappropriate use and can also provide part of the checks and balances required for compliance with IT security standards like PCI and HIPAA.
Enterprise-grade Unix and Linux distributions provide similar auditing capabilities through Linux Audit, AIX Audit, Solaris Audit, BSD Security Event Auditing, etc.
Linux Audit provides:
- File and directory watches
- Tracking of system calls
- User command recording
- Security event recording
- Integration with iptables/ebtables to monitor network events
- Searching for events
- Detail and summary reporting
But do you know if you're using all of the capabilities and if it's actually working? In this on-demand webinar, we’ll discuss key auditing utilities including:
- auditctl: Controls the audit system. Shows status and adds or deletes audit rules.
- ausearch: Searches audit logs for events based on various search criteria.
- aureport: Generates summary reports of audit logs.
We’ll also take a close look at some actual audit log entries, and discuss the type of information found in each.
View this on-demand webinar to learn why auditing is a cornerstone of good, balanced system security.
Gary Patterson, IT & Security Expert
Gary Patterson is an Information Technology security consultant with experience on a variety of platforms including Cisco, Windows, Linux, AIX, and IBM i / iSeries / AS/400. Gary assists clients with a wide variety of IT security-related tasks, including IT security standards compliance, application/server/network security testing, security monitoring, source code vulnerability scanning, encryption implementations, and incident response. Gary is one of the founders and Vice President of Quorum Resources, Inc. (www.quorumresources.com), an IT services company.