Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Webinars
  • Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System current page
Link copied

Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System

with Randy Franklin Smith, CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP
Webinars default
Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System

Get Instant Access to this Content

Learn more about how to secure your business from threats in places you didn't even know existed.

For all kinds of good reasons – including compliance, incident response, investigations and good SecDevOps practice - you need to be able to reconstruct a system user’s activity on any kind of system.

In Windows this is largely a matter of the Security log supported by Sysmon, PowerShell logs. With the right audit policy, logging configuration and those logs you can know every logon session, connections between certain logon sessions, as well as every process executed, commands run and much of what takes place inside those processes.

You can do the same thing in Linux with the right configuration and logs. In this real training for free session, our goal is to get you started doing just that.

We will explore how to track a user from when they initially logon using a local system account or a domain account if the Linux system is integrated with your AD environment. Then we will find out how they logged – most likely through SSH (secure shell) but not always.

In this session I show you how to see which commands they run. And you will learn how to see when they escalate privileges or otherwise switch to other accounts using su and sudo.

But just knowing what commands they run might not be enough. What were the results and outputs of those commands? Linux does allow you to make a full fidelity recording of each shell session but this can be tricky. The best practice is definitely to configure systems so that users must run everything of consequence through sudo.

There are a lot of other ways for users to execute scripts and commands including with child processes and cron jobs. Finally, everything in Linux comes down to the file system and so we’ll look at the file system auditing capabilities in Linux.

Here’s some of the logs we’ll introduce:

  • /var/log/secure
  • /var/log/auth.log
  • /var/log/logkeys.log
  • /var/log/sudo
  • /var/log/sulog
  • /var/log/cron

Of course, these logs are cryptic and fragmented and that is where BeyondTrust comes in who is sponsored the real training for free session.

Patrick Schneider will briefly show you how to centralize and manage the vast amounts of cryptic and fragmented data and access that data in a central repository. From start to finish, when you login to a Linux server using your AD credentials, elevate your privileges using Sudo on your Linux Workstation or elevating privileges on your tier 1 critical Linux Server infrastructure, Patrick will show you how to capture, search and access those fragmented logs as well as manage the policies and scripts in an easy-to-use GUI.

Watch and learn from Patrick that capturing, accessing and managing vast amounts of data can be easy when it comes to Linux single-sign-on and elevating privileges.


Meet the Presenters

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Randy Franklin Smith 200X200
Randy Franklin Smith
CEO, Monterey Technology Group, Inc. CISA, SSCP, Security MVP

Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes in Windows and Active Directory security. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, national, and international organizations.

Schneider Patrick 20230124 NC4 B1418
Patrick Schneider
Sr. Solutions Architect

Patrick Schneider is a Senior IGA professional, with 30 years of experience in the Information Technology industry. Prior to joining BeyondTrust as a Senior Solutions Architect, Patrick was a Senior Solutions Engineer for the Security portfolio of a major IAM solutions provider. Patrick holds many industry certifications such as Comptia+, MCP, Certified Directory Engineer, Certified Linux Engineer and more.


Latest
  • What’s New! Privileged Remote Access 26.2 Release
    Jul 10, 2026 What’s New! Privileged Remote Access 26.2 Release
    Webinar
Related
  • How BeyondTrust Can Facilitate NCA ECC Compliance: An Auditor’s Perspective
    Oct 1, 2025 How BeyondTrust Can Facilitate NCA ECC Compliance: An Auditor’s Perspective
    On-demand we...
Share this Article
  • Link

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.