Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Florian Crouzat
On 12/07/2012 21:41, Thugzclub wrote: Florian, Did you get an answer for this? Regards. Not a single one. Florian. On 10 Jul 2012, at 08:29, Florian Crouzat gen...@floriancrouzat.net wrote: Hi, This is my first message to the list so please be indulgent, I might be mixing

Output of aureport in columns

2012-07-13 Thread Michael Mather
Hi, I have managed to find an easy way to put the output of aureport into neat columns. For example: aureport -i -f | sed 's/=/ /g' | column -t However, if I combine this with ausearch, as in: ausearch -k ROOT |aureport -i -f | sed . then some lines come out properly and some have

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Thugzclub
Florian, Did you get an answer for this? Regards. On 10 Jul 2012, at 08:29, Florian Crouzat gen...@floriancrouzat.net wrote: Hi, This is my first message to the list so please be indulgent, I might be mixing concepts here between auditd, selinux and pam. Any guidance much

Re: Output of aureport in columns

2012-07-13 Thread Steve Grubb
On Thursday, July 12, 2012 04:26:25 PM Michael Mather wrote: Hi, I have managed to find an easy way to put the output of aureport into neat columns. For example: aureport -i -f | sed 's/=/ /g' | column -t However, if I combine this with ausearch, as in: ausearch -k ROOT

RE: Output of aureport in columns

2012-07-13 Thread Patrick Synor
Is it possible that the output for these tools is not directed to STDOUT completely? In which case you might have better luck redirecting output with something like 2>&1? Just a thought... -Original Message- From: linux-audit-boun...@redhat.com [mailto:linux-audit-boun...@redhat.com] On

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Steve Grubb
On Friday, July 13, 2012 10:14:59 AM Florian Crouzat wrote: On 12/07/2012 21:41, Thugzclub wrote: Florian, Did you get an answer for this? Regards. Not a single one. Hmm...I thought I sent an answer. The problem from the kernel's perspective is that it has no idea what user

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Florian Crouzat
On 13/07/2012 15:27, Steve Grubb wrote: Hmm...I thought I sent an answer. The problem from the kernel's perspective is that it has no idea what user space is doing. It can't tell a password from anything else being typed. There is a flag that can be set for the TTY to hide characters. But

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Valentin Avram
There is another way we used to pass PCI-DSS. We use an audit rule to log all EXECVE happening on production servers, rsyslog the logs to the remote centralized logs server, then parse the audit logs there using a cron script and rebuild the commands issued on each server by any user id. Hope

Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Miloslav Trmac
Hello, - Original Message - Every keystroke is logged in /var/log/audit/audit.log which is great. My only issue is that I just realized that prompt passwords are also logged, eg MySQL password or Spacewalk, etc. I can read them in plain text when doing aureport --tty -if

Re: Output of aureport in columns

2012-07-13 Thread Michael Mather
Yes, Steve, adding --raw works beautifully. Thanks. Now, where can I find a tutorial that might have taught me this? And is there a way to search this list? Michael Mather -- On Fri, 2012-07-13 at 09:22 -0400, Steve Grubb wrote: On Thursday, July 12, 2012 04:26:25 PM Michael

RE: EXT :Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

2012-07-13 Thread Boyce, Kevin P (AS)
Wouldn't another option be to audit the exec of particular executables you are interested in knowing if someone runs? Obviously you won't know what they are typing into text documents and such, but is that really required? Most places don't allow key loggers at all and it sounds like that's

Re: Output of aureport in columns

2012-07-13 Thread Steve Grubb
On Friday, July 13, 2012 01:09:00 PM Michael Mather wrote: Yes, Steve, adding --raw works beautifully. Thanks. Now, where can I find a tutorial that might have taught me this? There is some discussion of this in the audit.rules man page under the section NOTES. There was also an article