Audit class/lab
Steve Grubb
sgrubb at redhat.com
Mon Aug 31 14:15:15 UTC 2015
On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
> Hello,
>
> I normally don't put the word out about speeches I give, or things like
> that. But I am going to be teaching a hands-on audit class to demonstrate
> how to configure, set up rules, and do searching and reporting using the
> native Linux audit tools.
>
> The lab will be part of the Defence in Depth conference in Washington
> (Tyson's Corner, VA) on Sept 1. It's free, you just have to register. More
> info:
>
> http://www.redhat.com/en/about/events/2015-defense-depth
>
> I will be going over new features that aid insider threat detection and
> signs of intrusion in addition to basics. Bring your questions and
> problems, let's talk.

For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis; they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.

http://people.redhat.com/sgrubb/files/lab.tar.gz

I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.

Thanks,
-Steve