Thank you Michael. That was really insightful. I've got just one problem here. Can auditd log all the commands that all users enter? I need such a thing. Do you know any tools that can do this and create the logs? Once I have the log files it won't be so hard to fetch, index and audit the files.
Navid

On Mon, Aug 10, 2009 at 6:34 PM, Michael Altfield <[email protected]> wrote:
> Hi Navid,
>
> I was just looking for a similar solution to satisfy sections 10.x in
> the PCI DSS.
>
> OSSEC is great for a lot of things, but I wouldn't use it for auditing.
> I'd look into installing and configuring auditd on all of your linux
> machines. Then, to be able to generate your reports, I would use splunk.
> Depending on your needs, you might be able to get by with the free version.
>
> Hope this helps.
>
> -Michael
>
> Navid Paya wrote:
> > Kudos everyone
> >
> > I'm working in a firm specialized in providing banking services. I'm
> > working on a user control mechanism and as part of the mechanism I
> > need an auditing solution. Here are the requirements I have for my
> > system:
> >
> > 1 - Logging all the commands that users enter and preferably storing
> > them on a per user basis (for instance the command log for the user
> > "navid" be stored as "navid.log")
> > 2 - The ability to search for incidents based on user, command or time
> > 3 - Ability to generate reports on a weekly, monthly, ... basis
> >
> > I've looked into syslog, syslog-ng, ossec and open-audit but I'm
> > really not sure which one to go with. I'll be really grateful if you
> > can shed some light on my limited understanding of this whole thing. I
> > know about solutions such as bash history but it just doesn't seem
> > right. I mean, it's Linux for God's sake. There has to be a better way
> > to do that. And in case it matters, my distro is SuSE Linux Enterprise
> > Server 10 SP 2.
> >
> > Thanks in advance
> >
> > Navid
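Added example, not part of the thread: the auditd rule that records every execve, and a small parser that joins the SYSCALL and EXECVE records auditd writes for each command and sorts them into per-login-user logs (the "navid.log" layout asked for above). The audit records, the uid-to-name map and the `cmdlog` key are constructed sample data.

```python
import re
from collections import defaultdict

# Audit rule that makes the kernel record every execve, the usual way to
# capture all commands with auditd (load with auditctl or audit.rules).
AUDIT_RULE = "-a always,exit -F arch=b64 -S execve -k cmdlog"

# Constructed sample records in the shape auditd writes to audit.log. Each
# command is a SYSCALL record plus an EXECVE record sharing one event id.
# auid is the login uid: it survives su/sudo (note uid=0 but auid=1000).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1249900000.101:201): arch=c000003e syscall=59 success=yes exit=0 uid=0 auid=1000 comm="cat" exe="/bin/cat" key="cmdlog"
type=EXECVE msg=audit(1249900000.101:201): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1249900000.202:202): arch=c000003e syscall=59 success=yes exit=0 uid=1001 auid=1001 comm="ls" exe="/bin/ls" key="cmdlog"
type=EXECVE msg=audit(1249900000.202:202): argc=3 a0="ls" a1="-la" a2="/tmp"
type=SYSCALL msg=audit(1249900000.303:203): arch=c000003e syscall=59 success=yes exit=0 uid=1000 auid=1000 comm="id" exe="/usr/bin/id" key="cmdlog"
type=EXECVE msg=audit(1249900000.303:203): argc=1 a0="id"
"""

# Constructed uid-to-name map standing in for /etc/passwd.
PASSWD = {1000: "navid", 1001: "michael"}

REC_RE = re.compile(r'type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)')
KV_RE = re.compile(r'(\w+)="?([^"\s]*)"?')

def parse_events(log_text):
    """Join SYSCALL and EXECVE records by event id into one dict per command."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = REC_RE.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(KV_RE.findall(body))
        ev = events[serial]
        if rtype == "SYSCALL":
            ev["time"] = int(ts)
            ev["auid"] = int(fields["auid"])
        elif rtype == "EXECVE":
            ev["argv"] = [fields["a%d" % i] for i in range(int(fields["argc"]))]
    # Drop incomplete events (an execve that failed before EXECVE was logged).
    return [e for e in events.values() if "auid" in e and "argv" in e]

def per_user_logs(log_text, passwd=PASSWD):
    """Return {'navid.log': [...]}: one command log per login user, as requested."""
    logs = defaultdict(list)
    for e in parse_events(log_text):
        name = passwd.get(e["auid"], str(e["auid"]))
        logs[name + ".log"].append("%d %s" % (e["time"], " ".join(e["argv"])))
    return dict(logs)
```

Keying on auid rather than uid is what keeps a command run under sudo attributed to the person who logged in, which is the per-user view the requirements ask for.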
