Author Topic: Access violations attempts!  (Read 954 times)


Offline OranTevin

Access violations attempts!
« on: October 05, 2020, 11:21:35 am »
Hi Experts/Members,

I am not much aware about Linux-based operating systems, but as an audit requirement I need to fulfill the following.

I am running Oracle Linux 6.5

Implement Access violations attempts (whether “Success or failure” and with “Success, failure”) over and “Linux OS”.

Offline Mad Penguin

Re: Access violations attempts!
« Reply #1 on: October 05, 2020, 11:53:27 am »
Hi,

There are a number of ways to do this; one easy way is to install auditd, on a Debian system like this:
Code:
apt install auditd 

Once installed, this will start tracking issues, and you can use the aureport command to produce reports, for example:
Code:
# aureport -l --failed  
 
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:51 gareth 192.168.250.2 sshd /usr/sbin/sshd no 39
2. 10/05/2020 11:44:01 (unknown user) 192.168.250.2 sshd /usr/sbin/sshd no 55
3. 10/05/2020 11:44:01 (invalid user) 192.168.250.2 sshd /usr/sbin/sshd no 56
Code:
# aureport -l --success 
 
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:56 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 50
2. 10/05/2020 11:44:04 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 67
3. 10/05/2020 11:44:55 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 81
Code:
# aureport -l --success --summary -i 
 
Success Login Summary Report
============================
total  auid
============================
3  root
Code:
# aureport -l --summary -i --failed 
 
Failed Login Summary Report
============================
total  auid
============================
1  gareth
1  (unknown user)
1  (invalid user)
Is this the sort of thing you were looking for?

The Linux Community Forum
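
Added example (not part of the original posts): the failed-login rows in the reports above carry auids such as "(unknown user)" that contain a space, so a script over `aureport -l` output has to count columns from the right. This sketch tallies failures and successes per source host; the function names and the 192.168.250.9 row are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: tally `aureport -l` rows per source host.
# Pipe real data in with:
#   { aureport -l --failed; aureport -l --success; } | summarize_logins

# Constructed sample: rows copied from the reports above plus one made-up
# row (192.168.250.9), in the same column layout.
sample_report() {
cat <<'EOF'
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:51 gareth 192.168.250.2 sshd /usr/sbin/sshd no 39
2. 10/05/2020 11:44:01 (unknown user) 192.168.250.2 sshd /usr/sbin/sshd no 55
3. 10/05/2020 11:44:01 (invalid user) 192.168.250.2 sshd /usr/sbin/sshd no 56
4. 10/05/2020 11:43:56 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 50
5. 10/05/2020 12:01:10 (invalid user) 192.168.250.9 sshd /usr/sbin/sshd no 90
EOF
}

# Print "host failed=N success=M" for every host seen on stdin.
summarize_logins() {
  awk '
    # Only numbered data rows; titles, rulers and the header are skipped.
    $1 !~ /^[0-9]+\.$/ || NF < 9 { next }
    {
      # Index from the right: auid can be "(unknown user)", two tokens.
      host = $(NF-4); ok = $(NF-1)
      if (ok == "yes") s[host]++
      else if (ok == "no") f[host]++
      seen[host] = 1
    }
    END { for (h in seen) printf "%s failed=%d success=%d\n", h, f[h], s[h] }
  ' | sort
}

# Hosts with >= $1 failures (default 3) that also logged in successfully.
flag_hosts() {
  summarize_logins | awk -v min="${1:-3}" '
    { split($2, f, "="); split($3, s, "=")
      if (f[2] + 0 >= min && s[2] + 0 > 0) print $1 }'
}

sample_report | summarize_logins
```

A host returned by `flag_hosts` had repeated failures and at least one successful login, which makes it the first entry to review for the audit.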
