Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

314 questions
69 votes, 8 answers

A previous IT worker probably left some backdoors. How can I eliminate them?

I started working for a company that fired a previous IT worker for leaking data. I can only say the following things: We use a Firebird DB with an application written by another company, Proxmox, for virtualization of Windows Server 2008 R2, SQL…
user2265690
51 votes, 4 answers

Linux: set up for remote sysadmin

Every now and then I get the odd request to provide remote support, troubleshooting and/or performance tuning on Linux systems. Larger companies often already have well established procedures to provide remote access to vendors/suppliers and I only…
HBruijn
39 votes, 10 answers

How do I know if my Linux server has been hacked?

What are the tell-tale signs that a Linux server has been hacked? Are there any tools that can generate and email an audit report on a scheduled basis?
cowgod
27 votes, 2 answers

How can I list MACs, Ciphers and KexAlgorithms supported by my ssh server?

How can I determine the supported MACs, Ciphers, Key length and KexAlgorithms supported by my ssh servers? I need to create a list for an external security audit. I'm looking for something similar to openssl s_client -connect example.com:443…
Henrik Pingel
21 votes, 10 answers

How to track superuser activities

I'd like to know what are the best approaches for tracking superuser activities on a Linux environment. Specifically, I'm looking for these features: A) Logging keystrokes to a secured syslog server B) Ability to replay shell sessions (something…
mfriedman
20 votes, 7 answers

Cygwin SSHd Autoblock Failed Logins

I'm running Cygwin with an SSH daemon on a Windows Server 2008 machine. I was looking at the Event Viewer and noticed as many as 5 to 6 failed login attempts per second (brute force) for the last week or so, from different IPs. How can I autoblock…
ANaimi
16 votes, 5 answers

Git commit auditing

I have a git server running over ssh and each user has a unix account on the system. Given that two users have access to a repo, how can I be sure which user performed which commit, since the commit user name and email is submitted and controlled by…
yannisf
15 votes, 2 answers

Event 4625 Audit Failure NULL SID failed network logons

In 3 separate systems, the following event is being logged many times (between 30 to 4,000 times a day depending on the system) on the domain controller server: An account failed to log on. Subject: Security ID: SYSTEM Account Name: …
15 votes, 3 answers

Sending audit logs to SYSLOG server

I'm running several RHEL based systems which utilize the audit functionality within the 2.6 kernel to track user activity and I need to have these logs sent to centralized SYSLOG servers for monitoring and event correlation. Anyone know how to…
syn-
13 votes, 2 answers

Server locking up, /var/log/messages reports "backlog limit exceeded"

We have a CentOS OS that became unresponsive this morning to external network traffic. It is a virtual machine. I was able to reboot the VM. After logging back in, I found the following in the /var/log/messages file, repeating over and over, up to…
YWCA Hello
12 votes, 7 answers

How do you document/track your permissions?

I'm a Windows Admin so those that integrate with Windows will likely be most helpful. My main challenge at this point is just with file shares but as SharePoint use increases it will only make this harder. I've got all my directories setup and many…
PHLiGHT
12 votes, 8 answers

How do I inventory the type and speed of a remote computer?

I'm on a Windows 2003/2008 corporate network with 100 users. I've been tasked with increasing the RAM on all end-user workstations. The problem is we have a mixture of different computers in our environment. Some are Dell, some HP, and some…
ssxuser80
11 votes, 4 answers

How can I audit a file to see who deleted it?

On one of our servers we have a file that keeps mysteriously getting deleted. What I'd like to do is have a program watch this file and let me know when/how/by whom it gets deleted. We have a backup of the file in question, so it's not much…
dubRun
9 votes, 4 answers

File audit in Linux: how to watch directory tree for deletions?

I have a forum script running on a server and somehow a small number of attachments began to get lost. I want to find out what is deleting them and at what time. How can I set up Linux auditd (auditctl) to watch a directory tree (attachments are stored…
Vladislav Rastrusny
7 votes, 5 answers

Security when SSH private keys are lost

User A has two SSH private keys, and over time has used this public key on a number of servers. He lost one of them, and has created a new pair. How does User A inform me (the sysadmin) that he has lost his key, and how do I manage all the servers…
Shree Mandadi