Archive for October, 2015

Reviewing auditd logs with Spacewalk

One feature of Spacewalk is the ability to review auditd logs. If you don't know what auditd is, here is a good introduction: http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/
To sum it up, auditd lets you monitor and log nearly every change on your system based on rules: file access, file attribute changes, logins, service starts, user interaction, etc.
As you can imagine, this produces a tremendous amount of logs. To read them effectively, we need some assistance, for instance from Spacewalk.