Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System

with Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP

For all kinds of good reasons, including compliance, incident response, investigations and good SecDevOps practice, you need to be able to reconstruct a system user’s activity on any kind of system.

In Windows this is largely a matter of the Security log, supported by Sysmon and PowerShell logs. With the right audit policy, logging configuration and those logs you can know every logon session, connections between certain logon sessions, as well as every process executed, commands run and much of what takes place inside those processes.

You can do the same thing in Linux with the right configuration and logs. In this real training for free session, our goal is to get you started doing just that.

We will explore how to track a user from when they initially log on using a local system account, or a domain account if the Linux system is integrated with your AD environment. Then we will find out how they logged on, most likely through SSH (secure shell) but not always.

In this session I show you how to see which commands they run. And you will learn how to see when they escalate privileges or otherwise switch to other accounts using su and sudo.

But just knowing what commands they run might not be enough. What were the results and outputs of those commands? Linux does allow you to make a full-fidelity recording of each shell session, but this can be tricky. The best practice is definitely to configure systems so that users must run everything of consequence through sudo.

There are a lot of other ways for users to execute scripts and commands including with child processes and cron jobs. Finally, everything in Linux comes down to the file system and so we’ll look at the file system auditing capabilities in Linux.

Here are some of the logs we’ll introduce:

  • /var/log/secure
  • /var/log/auth.log
  • /var/log/logkeys.log
  • /var/log/sudo
  • /var/log/sulog
  • /var/log/cron
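
As an added illustration (not material from the webinar or from BeyondTrust), the Python sketch below rebuilds a per-user timeline of SSH logons, sudo commands and su account switches from the kind of lines found in /var/log/auth.log or /var/log/secure. The sample lines are constructed, and the script assumes the traditional syslog timestamp and the message formats commonly written by OpenSSH, sudo and pam_unix.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real data) in the syslog style of
# /var/log/auth.log (Debian/Ubuntu) and /var/log/secure (RHEL family).
SAMPLE_LOG = """\
Mar 10 09:14:02 web01 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Mar 10 09:14:02 web01 sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar 10 09:15:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 09:16:05 web01 sshd[2290]: Failed password for bob from 192.0.2.77 port 40022 ssh2
Mar 10 09:17:12 web01 su: pam_unix(su:session): session opened for user postgres by alice(uid=1000)
Mar 10 09:20:31 web01 sshd[2211]: pam_unix(sshd:session): session closed for user alice
"""

# Assumed layout: "Mon DD HH:MM:SS host program[pid]: message".
PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
PATTERNS = [
    ("ssh_logon", re.compile(
        PREFIX + r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)")),
    ("ssh_failed", re.compile(
        PREFIX + r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("sudo", re.compile(
        PREFIX + r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")),
    # Handles both "user postgres by alice(uid=..)" and "user postgres(uid=..) by alice(uid=..)".
    ("su", re.compile(
        PREFIX + r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened for user "
                 r"(?P<target>[^\s(]+)\S* by (?P<user>[^\s(]+)")),
]

def user_timeline(log_text):
    """Group recognised events by the account that initiated them."""
    timeline = defaultdict(list)
    for line in log_text.splitlines():
        for event, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                fields = m.groupdict()
                detail = {k: v for k, v in fields.items()
                          if k not in ("ts", "host", "user")}
                timeline[fields["user"]].append((fields["ts"], event, detail))
                break
    return dict(timeline)

if __name__ == "__main__":
    for user, events in user_timeline(SAMPLE_LOG).items():
        print(user)
        for ts, event, detail in events:
            print(f"  {ts}  {event:<10} {detail}")
```

Lines the patterns do not recognise, such as the PAM session open and close records for sshd, are skipped; a su record is attributed to the invoking user, so the switch to another account stays on that user's timeline.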

Of course, these logs are cryptic and fragmented, and that is where BeyondTrust, the sponsor of this real training for free session, comes in.

Patrick Schneider will briefly show you how to centralize and manage the vast amounts of cryptic and fragmented data and access that data in a central repository. From start to finish, when you log in to a Linux server using your AD credentials, elevate your privileges using sudo on your Linux workstation, or elevate privileges on your tier 1 critical Linux server infrastructure, Patrick will show you how to capture, search and access those fragmented logs as well as manage the policies and scripts in an easy-to-use GUI.

Watch and learn from Patrick that capturing, accessing and managing vast amounts of data can be easy when it comes to Linux single-sign-on and elevating privileges.


Meet the Presenters

Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.

Patrick Schneider, Sr. Solutions Architect

Patrick Schneider is a Senior IGA professional, with 30 years of experience in the Information Technology industry. Prior to joining BeyondTrust as a Senior Solutions Architect, Patrick was a Senior Solutions Engineer for the Security portfolio of a major IAM solutions provider. Patrick holds many industry certifications such as Comptia+, MCP, Certified Directory Engineer, Certified Linux Engineer and more.


Watch our Webinar

Because this webinar is hosted by Ultimate IT Security, you'll register on their site.
