Syscalls

Johnston Mark (UK) Mark.Johnston at o2.com
Wed Feb 28 11:07:28 UTC 2007


My apologies, let me create a new thread ...

Hey guys,

Is there a place where I can get all the supported syscalls for audit
version 1.2.9-6.4? There are a couple of things that I'm trying to do,
like watching for the shutdown and init commands (looking for system
reboots), and looking for changes to the date (I've got the time part).

Thanks
Mark

-----Original Message-----
From: linux-audit-bounces at redhat.com
[mailto:linux-audit-bounces at redhat.com] On Behalf Of Steve Grubb
Sent: 28 February 2007 03:01
To: linux-audit at redhat.com
Subject: Re: New to audit. Need help configuring audit to meet NISPOM
req's

On Tuesday 27 February 2007 03:25:18 Fields, Randy (Space Technology) wrote:
> Here is the list of items that I need to accomplish and I greatly
> appreciate any help that you can provide. 1) I need to configure a test box
> to meet NISPOM audit requirements. (any examples of /etc/auditd.conf and
> /etc/audit.rules would be great) 2) Then test it by acting as a user and
> trying to access files such as /etc/passwd and /etc/shadow. 3) Then report
> that data to prove to auditors that the tool is collecting the events.

I'd like to include a generic NISPOM configuration in the next set of audit
packages. Can anyone share some of their contents? I could take a guess at
it, but would rather have something that has gone through review. I am not
wanting your site-sensitive file locations, but generally this:

1) any syscall auditing you turned on
2) any files you needed to audit in /etc that are not site sensitive
3) any files in /var that you needed to audit.

I think all other pieces of the audit system are embedded in the appropriate
utilities so audit message generation is automatic. The report tool created
to meet NISPOM is aureport.

Send it to me privately if you do not want your email address public. I would
appreciate the help...and so would other people in the linux-audit
community.

Thanks,
-Steve

--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


