FreeBSD Security Audit ThinAgents User Guide


FreeBSD Security User Guide
VISUAL Message Center ThinkServer 1.6

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Copyright Notice
Copyright © 2011 Tango/04 All rights reserved.
Document date: March 2011
Document version: 1.31
Product version: 1.6

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of Tango/04.

Trademarks
Any references to trademarked product names are owned by their respective companies.

Technical Support
For technical support visit our web site at www.tango04.com.

Tango/04 Computing Group S.L.
Avda. Meridiana 358, 5 A-B
Barcelona, 08027 Spain
Tel: +34 93 274 0051

Table of Contents

How to Use this Guide

Chapter 1 Introduction
  1.1. What You Will Find in This Document

Chapter 2 Before You Begin

Chapter 3 FreeBSD OpenBSM Audit Configuration
  3.1. Introduction
  3.2. First Steps
  3.3. Audit Classes Overview
  3.4. Configuring System and User Audit
  3.5. Configuring Audit Policies
  3.6. User Permissions

Chapter 4 Common Configuration
  4.1. Data Source Configuration
    4.1.1. General Settings
    4.1.2. Options
  4.2. Common ThinAgent Configuration
    4.2.1. Main Information
    4.2.2. Filters
    4.2.3. Additional Filters
    4.2.4. Default Message Templates
    4.2.5. Common Variables for All FreeBSD Security ThinAgents
    4.2.6. Field Map SmartConsole – ThinkServer

Chapter 5 FreeBSD Custom Audit ThinAgent
  5.1. ThinAgent Variables
  5.2. Default Health Settings
  5.3. Field Map SmartConsole – ThinkServer
  5.4. Predefined High-Level Exclusion Filters

Chapter 6 FreeBSD File System ThinAgents
  6.1. FreeBSD File Content Accessed
    6.1.1. ThinAgent Variables
    6.1.2. Default Health Settings
    6.1.3. Field Map SmartConsole – ThinkServer
    6.1.4. Predefined High-Level Exclusion Filters
  6.2. FreeBSD File Content Modified
    6.2.1. ThinAgent Variables
    6.2.2. Default Health Settings
    6.2.3. Field Map SmartConsole – ThinkServer
    6.2.4. Predefined High-Level Exclusion Filters
  6.3. FreeBSD File/Directory Attribute Accessed
    6.3.1. ThinAgent Variables
    6.3.2. Default Health Settings
    6.3.3. Field Map SmartConsole – ThinkServer
    6.3.4. Predefined High-Level Exclusion Filters
  6.4. FreeBSD File/Directory Attribute Modified
    6.4.1. ThinAgent Variables
    6.4.2. Default Health Settings
    6.4.3. Field Map SmartConsole – ThinkServer
    6.4.4. Predefined High-Level Exclusion Filters
  6.5. FreeBSD File/Directory Created/Deleted
    6.5.1. ThinAgent Variables
    6.5.2. Default Health Settings
    6.5.3. Field Map SmartConsole – ThinkServer
    6.5.4. Predefined High-Level Exclusion Filters

Chapter 7 FreeBSD User Activity ThinAgents
  7.1. FreeBSD Logon Activity
    7.1.1. ThinAgent Variables
    7.1.2. Default Health Settings
    7.1.3. Field Map SmartConsole – ThinkServer
    7.1.4. Predefined High-Level Exclusion Filters
  7.2. FreeBSD Programs Executed
    7.2.1. ThinAgent Variables
    7.2.2. Default Health Settings
    7.2.3. Field Map SmartConsole – ThinkServer
    7.2.4. Predefined High-Level Exclusion Filters
  7.3. FreeBSD Session Threshold
    7.3.1. ThinAgent Variables
    7.3.2. Default Health Settings
    7.3.3. Field Map SmartConsole – ThinkServer
  7.4. FreeBSD User Inactivity
    7.4.1. ThinAgent Variables
    7.4.2. Default Health Settings
    7.4.3. Field Map SmartConsole – ThinkServer

Chapter 8 FreeBSD User Management ThinAgents
  8.1. FreeBSD Command Line Management
    8.1.1. ThinAgent Variables
    8.1.2. Default Health Settings
    8.1.3. Field Map SmartConsole – ThinkServer
    8.1.4. Predefined High-Level Exclusion Filters

Chapter 9 FreeBSD Generic Syslog ThinAgent
  9.1. Default Health Settings
