Access violations attempts!

Hi Experts/Members,

I am not very familiar with Linux-based operating systems, but as an audit requirement I need to fulfill the following.

I am running Oracle Linux 6.5

Implement Access violations attempts (whether “Success or failure” and with “Success, failure”) over and “Linux OS”.

Hi,

There are a number of ways to do this. One easy way is to install auditd; on a Debian system, like this:


apt install auditd 

Once installed, this will start tracking issues, and you can use the aureport command to produce reports, for example:


# aureport -l --failed  
 
Login Report 
============================================ 
# date time auid host term exe success event 
============================================ 
1. 10/05/2020 11:43:51 gareth 192.168.250.2 sshd /usr/sbin/sshd no 39 
2. 10/05/2020 11:44:01 (unknown user) 192.168.250.2 sshd /usr/sbin/sshd no 55 
3. 10/05/2020 11:44:01 (invalid user) 192.168.250.2 sshd /usr/sbin/sshd no 56


# aureport -l --success 
 
Login Report 
============================================ 
# date time auid host term exe success event 
============================================ 
1. 10/05/2020 11:43:56 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 50 
2. 10/05/2020 11:44:04 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 67 
3. 10/05/2020 11:44:55 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 81


# aureport -l --success --summary -i 
 
Success Login Summary Report 
============================ 
total  auid 
============================ 
3  root

# aureport -l --summary -i --failed 
 
Failed Login Summary Report 
============================ 
total  auid 
============================ 
1  gareth 
1  (unknown user) 
1  (invalid user)

Is this the sort of thing you were looking for?
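An added example, not part of the original posts: the login reports above are broken down by account, so this sketch regroups the same rows by source host, which is often what an audit reviewer asks for. The function names and the sample rows are constructed for illustration. Rows are parsed from the right because the auid column can contain a space, as in "(unknown user)".

```shell
#!/bin/sh
# Constructed sample in the `aureport -l` column layout:
# index, date, time, auid, host, term, exe, success, event
sample_report() {
    cat <<'EOF'
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/05/2020 11:43:51 gareth 192.168.250.2 sshd /usr/sbin/sshd no 39
2. 10/05/2020 11:44:01 (unknown user) 192.168.250.2 sshd /usr/sbin/sshd no 55
3. 10/05/2020 11:44:01 (invalid user) 192.168.250.2 sshd /usr/sbin/sshd no 56
4. 10/05/2020 11:44:04 0 192.168.250.2 /dev/pts/0 /usr/sbin/sshd yes 67
5. 10/05/2020 11:50:12 gareth 192.168.250.9 sshd /usr/sbin/sshd no 90
EOF
}

# Read an `aureport -l` report on stdin and print one line per source host:
#   <host> failed=<n> ok=<n> accounts=<accounts seen in failed attempts>
summarize_logins() {
    awk '
    # Data rows start with "N. "; titles, separators and the header do not.
    /^[0-9]+\. / && NF >= 9 {
        host = $(NF-4); result = $(NF-1)
        # auid is everything between the time column and the host column.
        auid = $4
        for (i = 5; i <= NF-5; i++) auid = auid " " $i
        hosts[host] = 1
        if (result == "no") {
            fail[host]++
            if (!seen[host, auid]++)
                accts[host] = accts[host] (accts[host] == "" ? "" : ",") auid
        } else if (result == "yes") {
            good[host]++
        }
    }
    END {
        for (h in hosts)
            printf "%s failed=%d ok=%d accounts=%s\n", h, fail[h], good[h],
                   (accts[h] == "" ? "-" : accts[h])
    }' | sort
}

sample_report | summarize_logins
```

On a host running auditd, the same function can be fed from `aureport -l` instead of the sample.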