AUDITs needed

2017-07-14 Thread warron.french
This may be faster and also a better way to summarize and share with others. I will list the AUDIT(test#letter) and then below it place *Method of implementation:* and if the field is marked in green, it is validated by someone from linux-audit@redhat.com (Steve Grubb for example) and the text prov

Re: AUDIT(C) - Group/Role addition, deletion modification

2017-07-14 Thread warron.french
Understood, thank you. -- Warron French On Fri, Jul 14, 2017 at 4:56 PM, Steve Grubb wrote: > On Friday, July 14, 2017 4:52:36 PM EDT warron.french wrote: > > Same as AUDIT(B) only for roles and groups? > > Also hardwired. See the user account specification. > > -Steve

Re: AUDIT(B) - USER add, delete, modify, suspend and lock

2017-07-14 Thread warron.french
Sorry, I failed to Reply-All on the first email thread too. But it looks like I might be onto something, yes? (I will look for your reply in the other thread and make sure I Reply-All on it). -- Warron French On Fri, Jul 14, 2017 at 4:56 PM, Steve Grubb wrote: > On Friday,

Re: AUDIT(C) - Group/Role addition, deletion modification

2017-07-14 Thread Steve Grubb
On Friday, July 14, 2017 4:52:36 PM EDT warron.french wrote: > Same as AUDIT(B) only for roles and groups? Also hardwired. See the user account specification. -Steve > Simply put a watch rule on /etc/group and /etc/gshadow? > > Is that really enough? Do I also monitor the executables for /bin/

Re: AUDIT(B) - USER add, delete, modify, suspend and lock

2017-07-14 Thread Steve Grubb
On Friday, July 14, 2017 4:48:11 PM EDT warron.french wrote: > Similar idea to the prior email: > > I need to monitor local user account > > > *creation, modification, deletion, suspension and locking.* These events are all hardwired too. The events that you are looking for are part of this sp

AUDIT(C) - Group/Role addition, deletion modification

2017-07-14 Thread warron.french
Same as AUDIT(B) only for roles and groups? Simply put a watch rule on /etc/group and /etc/gshadow? Is that really enough? Do I also monitor the executables for /bin/passwd, /sbin/{groupadd, groupdel, groupmod, usermod}? Usermod, because technically, you can affect memberships of a user with th

AUDIT(B) - USER add, delete, modify, suspend and lock

2017-07-14 Thread warron.french
Similar idea to the prior email: I need to monitor local user account *creation, modification, deletion, suspension and locking.* I know that I can monitor: */etc/passwd, /etc/group, /etc/shadow* and */etc/gshadow*, but how do I monitor who modified wfrench inside /etc/passwd? Is: *-w /etc/pa

Re: Auditing Logons/Logoffs

2017-07-14 Thread Steve Grubb
On Friday, July 14, 2017 3:51:16 PM EDT warron.french wrote: > Back to this again, as I thought my coworker had addressed it months ago, > but he did not as I cannot find anything. > > *THE_SUBJECT*: Auditing Logons and Logoffs (success/failures) > > I am aware of the following files: > /var/log/f

Auditing Logons/Logoffs

2017-07-14 Thread warron.french
Back to this again, as I thought my coworker had addressed it months ago, but he did not as I cannot find anything. *THE_SUBJECT*: Auditing Logons and Logoffs (success/failures) I am aware of the following files: /var/log/faillog, and /var/log/lastlog The following link is relevant to RHEL5 (may