What logs to audit?

Discussion in 'all things UNIX' started by Librenacho, Dec 31, 2016.

  1. Librenacho

    Librenacho Registered Member

    Joined: Dec 31, 2016
    Posts: 3
    Location: United States
    Hey guys, does anyone have any suggestions on what logs I should audit? I already have these on my list:
    Firewall, HTTP requests, TLS/SSL certs, DNS requests, Setuid/Setgid system calls, Packets, Outgoing traffic (OpenDLP I think mitigates this), Failed login attempts, Sudo, Failed drivers, Activities requiring resources, Moved files, corrupt files, failed access to files (permission denied), Group member additions, System reboots, Service restarts... If anyone has any more ideas, that would be awesome!
     
  2. Amanda

    Amanda Registered Member

    Joined: Aug 8, 2013
    Posts: 2,115
    Location: Brasil
    What is the point of the audit, actually? What are you trying to achieve?
     