Verify Permissions on /etc/passwd
The /etc/passwd file contains user account information that is used by many system utilities and therefore must be readable for these utilities to operate.

Lock Inactive User Accounts
User accounts that have been inactive for over a given period of time can be automatically disabled. It is recommended that accounts that are inactive for 35 or more days be disabled.

Keep All Auditing Information
Normally, auditd will hold 4 logs of maximum log file size before deleting older log files.

Disable System on Audit Log Full
The auditd daemon can be configured to halt the system when the audit logs are full.

Collect Login and Logout Events
Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintains records of the last time a user successfully logged in. The file /var/log/tallylog maintains records of failures via the pam_tally2 module.

Record Events That Modify the System's Mandatory Access Controls
Monitor SELinux mandatory access controls. The parameters below monitor any write access (potential addition, deletion or modification of files in the directory) or attribute changes to the /etc/selinux directory.

Collect Discretionary Access Control Permission Modification Events
Monitor changes to file permissions, attributes, ownership and group. The parameters in this section track changes for system calls that affect file permissions and attributes. The chmod, fchmod and fchmodat system calls affect the permissions associated with a file. The chown, fchown, fchownat and lchown system calls affect own ...

Collect Session Initiation Information
Monitor session initiation events. The parameters in this section track changes to the files associated with session events. The /var/run/utmp file tracks all currently logged in users. The /var/log/wtmp file tracks logins, logouts, shutdown and reboot events. All audit records will be tagged with the identifier "session." The file /var/log/btmp keep ...

Record Events That Modify Date and Time Information
Capture events where the system date and/or time has been modified. The parameters in this section are set to determine if the adjtimex (tune kernel clock), settimeofday (set time, using timeval and timezone structures), stime (using seconds since 1/1/1970) or clock_settime (allows for the setting of several internal clocks and timers) system ca ...

Enable Auditing for Processes That Start Prior to auditd
Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup.

© SecPod Technologies