The Linux Community Forum

The Forums => General Discussion => Topic started by: OranTevin on October 05, 2020, 11:21:35 am

Title: Access violations attempts!
Post by: OranTevin on October 05, 2020, 11:21:35 am
Hi Experts/Members,

I am not much aware of Linux-based operating systems, but as an audit requirement I need to fulfill the following.

I am running Oracle Linux 6.5

Implement Access violations attempts (whether “Success or failure” and with “Success, failure”) over and “Linux OS”.
Title: Re: Access violations attempts!
Post by: Mad Penguin on October 05, 2020, 11:53:27 am
Hi,

There are a number of ways to do this. One easy way is to install auditd, on a Debian system like this:
Code:
apt install auditd 

Once installed this will start tracking issues and you can use the aureport command to produce reports, for example;
Code:
# aureport -l --failed  
 
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:51 gareth 192.168.250.2 sshd /usr/sbin/sshd no 39
2. 10/05/2020 11:44:01 (unknown user) 192.168.250.2 sshd /usr/sbin/sshd no 55
3. 10/05/2020 11:44:01 (invalid user) 192.168.250.2 sshd /usr/sbin/sshd no 56
Code:
# aureport -l --success 
 
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:56 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 50
2. 10/05/2020 11:44:04 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 67
3. 10/05/2020 11:44:55 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 81
Code:
# aureport -l --success --summary -i 
 
Success Login Summary Report
============================
total  auid
============================
3  root
Code:
# aureport -l --summary -i --failed 
 
Failed Login Summary Report
============================
total  auid
============================
1  gareth
1  (unknown user)
1  (invalid user)
Is this the sort of thing you were looking for?
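
One way to turn the failed-login report shown above into per-host and per-account counts for an audit record, as an added example that is not part of the original posts. The function name `summarise_failed_logins` and its MIN threshold argument are hypothetical; the sample rows are taken from the report output in the thread.

```shell
#!/bin/sh
# Added example: tally failed logins from `aureport -l --failed` output.
# Usage: aureport -l --failed | summarise_failed_logins [MIN]
# Prints "host|account <TAB> name <TAB> count" for every source host and
# account with at least MIN failed logins (default 1).
summarise_failed_logins() {
    awk -v min="${1:-1}" '
        # Data rows start with "<n>."; titles, rulers and the header are skipped.
        $1 ~ /^[0-9]+\.$/ && NF >= 9 {
            if ($(NF-1) != "no") next      # keep failed logins only
            # Count columns from the right: auid may contain a space,
            # as in "(unknown user)". Assumes term and exe contain none.
            host = $(NF-4)
            auid = $4
            for (i = 5; i <= NF-5; i++) auid = auid " " $i
            hosts[host]++
            accounts[auid]++
        }
        END {
            for (h in hosts)
                if (hosts[h] >= min + 0) printf "host\t%s\t%d\n", h, hosts[h]
            for (a in accounts)
                if (accounts[a] >= min + 0) printf "account\t%s\t%d\n", a, accounts[a]
        }
    ' | LC_ALL=C sort
}

# Sample input: rows taken from the two reports in the thread.
# Row 4 is a successful login (renumbered here) and must be ignored.
SAMPLE='Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:51 gareth 192.168.250.2 sshd /usr/sbin/sshd no 39
2. 10/05/2020 11:44:01 (unknown user) 192.168.250.2 sshd /usr/sbin/sshd no 55
3. 10/05/2020 11:44:01 (invalid user) 192.168.250.2 sshd /usr/sbin/sshd no 56
4. 10/05/2020 11:43:56 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 50'

printf '%s\n' "$SAMPLE" | summarise_failed_logins 1
```

On a live host the input comes from `aureport -l --failed` run as root; a MIN above 1 limits the output to sources and accounts with repeated failures.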