On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
> Hello,
>
> I normally don't put the word out about speeches I give, or things like
> that. But I am going to be teaching a hands-on audit class to demonstrate
> how to configure, set up rules, and do searching and reporting using the
> native Linux audit tools.
>
> The lab will be part of the Defence in Depth conference in Washington
> (Tyson's Corner, VA) on Sept 1. It's free, you just have to register. More
> info:
>
> http://www.redhat.com/en/about/events/2015-defense-depth
>
> I will be going over new features that aid insider threat detection and
> signs of intrusion in addition to basics. Bring your questions and
> problems, let's talk.

For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis; they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.

http://people.redhat.com/sgrubb/files/lab.tar.gz

I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.

Thanks,
-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
