<p dir="ltr">Auditd apparently is a total mystery to the people who want to ENFORCE SECURITY. They are convinced the REAL SECURITY comes with a very large price tag and a new process that MUST BE VETTED FOR ACCURACY.</p>
<p dir="ltr">I can't _wait_ to hand them a log file from auditd along with an explanation of what it means.</p>
<div class="gmail_quote">On May 25, 2016 5:51 PM, "Vernard Martin" <<a href="mailto:vernard@gmail.com">vernard@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 5/16/2016 6:18 PM, Jim Kinney wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Happily, this isn't DoD. Just HIPPA. Must strike a balance between absolute security (standalone system with no networking in a room with armed guards will to shoot on site) and usability (woo! Free-for-all and everyone has root - NOT ON MY WATCH!).<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Either you need security or you don't.<br>
</blockquote>
<br>
Need security that prevents accidental relocation and makes deliberate abuse difficult but most importantly, traceable back to the now expelled/fired idiot.<br>
</blockquote>
Auditd can be configured to give you enough info to trace who/what is going on. Add sudo logs to that and you can probably track an offender quite fast.<br>
<br>
Or you can use the crappy EASH package that does all this and is absurdly old and not supported by the developer anymore. But it *does* work.<br>
<br>
V<br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>