
Detect insider threats with Linux auditing


Organizations of all sizes need to mitigate the risk of insider threats. Misconduct by authorized users represents a grave threat to an organization. According to the 2005 Computer Security Institute and Federal Bureau of Investigation Computer Crime and Security Survey, organizations reported that computer intrusions from inside sources accounted for nearly half of all incidents. You can secure your network perimeter with intrusion detection systems, firewalls, and virus scanners, but don't neglect to monitor authorized users. The Linux Audit daemon can help you detect violations of your security policies.

The term auditing has multiple meanings within the information security field. A security audit is the process of evaluating the security posture of an organization through penetration testing and review of security policies and system configuration. At the system level, auditing refers to logging the actions of users and programs on a system. This latter form is the type of auditing implemented by the Linux Audit daemon. It is a passive security measure because it only detects violations of security policy and does not enforce the policy. It is similar to network-based and host-based intrusion detection systems.
