Hi!
I'll probably have a number of questions relating to securing Ubuntu in the near future. I'm hoping to be able to set up a wiki page on how to make Ubuntu conform to NIST-like standards.
In order to do this though, I have a few questions relating to auditing. I've been monkeying around with a few settings but can't seem to get them right. I'm going through the auditing section of 800-53 and need to accomplish the following...
----
* Start-up and shutdown of the audit functions.
* Successful use of the user security attribute administration functions
* All attempted uses of the user security attribute administration functions
* Identification of which user security attributes have been modified
* Successful and unsuccessful logons and logoffs
* Unsuccessful access to security relevant files including creating, opening, closing, modifying, and deleting those files
* Changes in user authenticators
* Blocking or blacklisting user IDs, terminals, or access ports
* Denial of access for excessive logon attempts
* System accesses by privileged users
* Privileged activities at the system console (either physical or logical consoles) and other system-level accesses by privileged users
* Starting and ending times for each access to the system
------
I've been able to get a couple of them correct, but is there an easy way to implement these? Additionally, is there a nice interface to access the logs?
Thanks!