problem about audit-Collection of common programming errors
George Reith
linux centos selinux audit
I am on CentOS 5.8 final. I recently installed auditd via yum install audit; however, I am unable to start it. I edited the configuration file to give a verbose output of the error it is receiving in starting up and this is the output: # service auditd start Starting auditd: Config file /etc/audit/auditd.conf opened for parsing log_file_parser called with: /var/log/audit/audit.log log_format_parser called with: RAW log_group_parser called with: root priority_boost_parser called with: 4 flush_parser ca
DanH
ubuntu amazon-web-services virtual-machines audit fingerprint
I have 2 separate environments, and some strange behaviour occurring in one environment that is not in the other. Specifically the error is related to the PHP: Fatal error: Nesting level too deep – recursive dependency? This only occurs on AWS, but not on our internal hosting which is an ESXi VM. Our attempts to synchronise PHP, PHP modules, Apache, Apache module versions and configurations have failed to eliminate this AWS-only error. As a result we would now like to cast the net wider and look at
Stormvirux
linux security debian logging audit
Is there a log file that logs information when the values set in /etc/security/limits.conf are exceeded? If the values are too tight in the above file the clients using the website hosted on the server see errors such as [FATAL] failed to allocate memory. But I won’t be intimidated about it. So is there a log? If not is there a way to make it log when the values are exceeded?
illuminÉ
systemd audit syslog-ng journald
I installed syslog-ng to use on my desktop (Gentoo 64bit, upgraded to systemd i.e. was OpenRC before, with Openbox and Slim only) with my normal user to log all commands I type in the shell (bash first, then eventually zsh). I’ve explored different solutions, and different ways of setting this up, old and new and often this is achieved using the .bash_history file. I’m trying to implement this solution from a few years ago, with reliance on the companion trap. First I’ve modified .bashrc and set
McB
windows remote administration audit
We’re a small company (~50) who outsource the bulk of our IT to an… average quality provider. I am taking on the role of day-to-day IT (think of things that can be fixed in 15 mins or less only). I’m looking for some tools that can make my life easier. Most of our computers are on the LAN, though we do have a couple of remote employees and people do travel quite frequently. I would like reco’s on tools that can help me figure out which PC’s are running what versions of Windows (mostly Vista,
baron
c# asp.net-mvc entity-framework audit
I am building in a Change History / Audit Log to my MVC app which is using the Entity Framework. So specifically in the edit method public ActionResult Edit(ViewModel vm), we find the object we are trying to update, and then use TryUpdateModel(object) to transpose the values from the form on to the object that we are trying to update. I want to log a change when any field of that object changes. So basically what I need is a copy of the object before it is edited and then compare it after the TryU
John
linux software-installation recording audit
Similar to the question here, http://serverfault.com/questions/387111/inventory-or-audit-installed-linux-software, I would like to obtain ideas about commands that should be run across various Linux/Unix distributions to audit installed software. It should cover at a minimum the following use cases: Software installed from packages; Software installed from source; Software that is installed to an unknown or unexpected location. Additionally, it should work on CentOS/RedHat, SuSE, and Macintosh OS.
Skyhawk
active-directory windows-server-2008-r2 audit auditing
I want to set up auditing so I can see if any changes are being made to a service account (any changes) in AD which is used to run a backup application. What do I need to enable in Group Policy Management: Audit Directory Service changes, or Audit Account Management?
nealmcb
webserver audit iis patching
IIS Express is a developer tool for Windows XP and higher which provides the full feature set of IIS, but without needing administrator rights. I’ve seen discussion by some developers who are considering bundling this with their application to make deployment consistent among versions. If you read the comments section in the link above, the blogger ScottG (and MSFT Corporate VP) mentions that instances of IIS Express will not receive updates via Windows update, but they might be updated when usi
Pablo Marambio
database postgresql audit
Does postgresql record the schema, table, index, trigger and stored procedure changes? I don’t mean the changes in data, but changes in the structure of the database. Searching the web I always end up with data auditing solutions, which is not my problem. I do know, however, that tables and SPs are records in master tables somewhere in the database. Is there such a log in postgresql? If not, how could I create one?
makerofthings7
windows audit buffer-overflow windows-8 programming
According to this answer, it’s possible to compile a GCC-based application without certain buffer overflow techniques. Perhaps this is even possible with Visual Studio. How can I audit a given EXE or DLL if it has the relevant anti-buffer overflow technologies in it? Is it even possible?
Whisker
sql-server asp.net-mvc audit
We currently have a SQL Server 2008 instance set up for our ASP.Net MVC application, and the SQL Server instance uses built-in auditing (I believe CDC?) We also have our ASP.Net application set up to use one connection string specified in web.config for the entire application, no matter who is logged in (of about ~50 users). The problem: We want to be able to include among the audit information the username of the user who made the particular change in question. It looks like we can only do that in
Mark Booth
windows ntfs path audit verification
I have been looking for software which will checksum and verify/compare NTFS volumes with deep paths on Windows, and failing verification on every one I’ve tried. I’ve even tried writing my own python script and run into the same problems. The problems start when files end up with paths which are more than 256 characters. This is bad enough on the primary drive, but once these files have been backed up and are even deeper on the backup filesystem it gets even worse. For example, my python program
Zoredache
iis webserver security iis7.5 audit
I am wondering what benefits will give me to move all website content files from the default inetpub directory (C:) to something like D:\wwwroot. By default IIS creates separate application pool for each website and I am using the built-in user and group (IURS) as the authentication method. I’ve made sure each site directory has the appropriate permission settings so I am not sure what benefits I will gain. Some of the environment settings are as below: VMWare Windows 2008 R2 64 IIS 7.5 C:\in
Legolas
penetration-test vulnerability-scanners audit scada
Is there a way to monitor the way the SCADA systems behave ‘during pen-testing or security audit’, and find out the implications of just port scans and/or monitor the state of activity while sending a payload? Is it possible for a device to get faulty because of a SCADA Security Audit?
Deer Hunter
audit code-review
This question is inspired by two related questions (How safe is backtrack to use, and How to Install, Configure and Use LSAT on Unix SE). Besides a dated (and patched) vulnerability in LSAT (CVE-2007-1500) I have searched through NVD/CVE and found a vulnerability in Backtrack: CVE-2012-0054. My question is whether I am right in requiring a security specialist doing an audit of my systems not to run any automated third-party tools on any of my systems (even if their source code is publicly availabl
makerofthings7
audit virus antivirus risk-management
For as long as I can remember, EICAR has been used to test for the presence of Antivirus systems in email, the file system, or other places. Sometimes the AV solution is so far out of date, that its efficacy is basically zero. That leads me to question why have support for EICAR at all? Is this test obsolete, and should it be removed? To me it seems logical to extend that line of questioning with this: Would it be beneficial for EICAR to also test for the freshness of the AV update files? Perhaps ef
AviD
network audit
How to find out that a NIC is in promiscuous mode on a LAN?
Edison Chuang
audit
I’ve seen that some of software systems have functionality of audit and log. Both of those functionality seem that they are just doing the same things – records all the users’ actions behind the scene. There are respective tables of audit and log even exist in the database. If they are really doing the same things why the developer developed duplicated function in a system?
Daniel Powell
nhibernate triggers audit
I’m using triggers on my sql database to capture change information for a table, it seems to be having a problem with nhibernate though. The table has a few columns and primary keys and triggers on it. The triggers look like this: CREATE TRIGGER [dbo].[tr_Instrument_update] ON [dbo].[Instrument] FOR UPDATE AS BEGIN INSERT [MyAudit].[audit].[Instrument] SELECT 'Updated', i.* FROM inserted INNER JOIN [MyAudit].[dbo].[Instrument] i ON inserted.[InstrumentID] = i.[InstrumentID] END Basically on every change
user2393325
hibernate configuration playframework audit hibernate-envers
I’m currently working on an application using Play Framework 1.2.5 and Hibernate-envers 3.6.10-Final. This application is suffering from very low performances due to the Default Audit Strategy used through the Hibernate-envers module. After some researches, it seems that my solution is to use the Validity Audit Strategy offered by this module, which involves some optimizations in the audit process. However, when I configure this strategy in the ddl/mysql/META-INF/persistence.xml file or in the c
Rob W
web-browser javascript vulnerability-scanners audit browser-extensions
I’m trying to scan JavaScript files for vulnerabilities using JSHint. Specifically, I’m scanning the JavaScript files of browser extensions. To look for possible vulnerabilities I’m looking for bad JavaScript coding practices such as the use of eval. (JSHint has option to detect the use of eval.) I’m currently scanning benign extensions and I’ll be looking into vulnerabilities that could compromise the security of the user in some way (may be trivial). However, I don’t know what more things (othe
sysadmin1138
sql-server login audit
I’ve been noticing recurring failed logon attempts onto our SQL server. It happens every minute with the same login. An example from the log file viewer: 10/18/2011 13:54:50,Logon,Unknown,Login failed for user ‘LOLZOR\lolsqlserver’. [CLIENT: ] 10/18/2011 13:54:50,Logon,Unknown,Error: 18456 Severity: 14 State: 16 State 16 means: Login valid, but not permissioned to use the target database. Note that the credentials are also used to start all the SQL Server services. Audit Login Failed NTDomainName
zhaojing
redhat audit security-audit auditd
I am setting audit rules in /etc/audit/audit.rules. As the requirement: The audit system should be configured to audit all administrative, privileged, and security actions. So I add one line into /etc/audit/auditd.rules: -a exit,always -S stime -S acct -S reboot -S swapon However, after I restart audit.d by service auditd restart: There is error come out: Stopping auditd: [ OK ] Starting auditd: [ OK ] Syscall na
Colin
data-access-layer audit
We recently added auditing to our database. A colleague implemented it using triggers and asked me to call a stored procedure on login to the website. The stored procedure inserts the current username, and the current oracle session id in a table so that the trigger could map a session id to a username. Problem is (or was) that he was assuming that a user’s internet session mapped to a database session. That is not the case, and we use connection pooling, so oracle session ids can map to many us