Well, I was travelling again and I read my way through some of the ISSA magazines that stacked up on my desk over that past months. I have to admit, the quality of articles I read has actually improved. That does not mean that I don’t have any comments…
I read this article in the March 2006 issue of the ISSA journal about Auditing on Linux/Unix. While I like the article and how it outlines what you can do to harden a UNIX box, it is yet another article which fails to mention how hard it is to enable real auditing on Linux. I have yet to find a comprehensive guide about how to enable the auditing you really need on a Linux box. Not a single word was spent on the pam modules. The article mentiones process accounting via accton
but does not really mention how that can be used and how this could be handled in a distributed logging environment. How do you get all of this data into syslog instead of looking at it via lastcomm
?
Maybe these things could be addressed in a follow-on article?