MegaplanIT


Advanced Linux Auditing

The Need for Linux Auditing

Auditing Linux system events is critical to any organization's governance, risk, and compliance objectives. Efficient forensic investigations and real accountability both depend on the right audit policies and controls being in place before an incident happens, not after.

Compliance: Internal and external auditing requirements typically expect some level of minimum log collection.

Security: Security incident detections are enabled by the deeper context provided by audit logs.

Forensics: Forensic investigations rely heavily on detailed and accurate audit logging.

Operations: Troubleshooting and identifying misconfigurations is sometimes only possible with advanced auditing.

 

Syslog and auditd

  •  Syslog is both an application and a protocol: it generates system logs and can forward them over the network to a log aggregator.
  •  auditd is the user-space daemon that receives events from the kernel's audit subsystem, so it sees far more granular detail (individual system calls, file accesses, and the login UID behind a privilege change). It has no network protocol of its own: records are written locally to /var/log/audit/audit.log and are forwarded by handing them to syslog or to a dedicated shipper (for example the audisp syslog or remote plugins).

 

CISOfy/lynis Security Auditing Tool

Lynis is an open-source security auditing tool from CISOfy for Linux and other Unix-like systems. It runs on the host itself, performs an in-depth scan, and reports findings as hardening suggestions. Alongside the defensive checks it collects general system information and flags vulnerable software packages and likely configuration issues.

Policy Auditing: Highlight the differences between local policies and security baselines

Policy Reporting: Export results as a CSV or Excel Spreadsheet

Types of auditd Rules

Control Rules             | File System Rules          | System Call Rules
--------------------------|----------------------------|---------------------------------------
Delete previous rules     | Monitor read               | Monitor specific system calls
Set buffer size           | Monitor write              | Filter on specific events to be logged
Make config immutable     | Monitor execution          |
Panic on failure          | Monitor attribute changes  |
Message rate limit        |                            |
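The table above lists the three rule classes abstractly. The script below is an added example (not code from the original page or from MegaplanIT's tooling) that writes a rules file using all three classes, then lints it for the ordering mistakes that most often break an auditd deployment: a missing -D at the top, -e 2 anywhere but last, syscall rules without a pinned ABI, and rules without a -k key. The paths and key names are illustrative choices loosely following the CIS benchmark layout, not a complete baseline.

```shell
#!/usr/bin/env bash
# Added example (not part of the original page or of MegaplanIT's tooling):
# generate an auditd rules file that uses all three rule classes, then lint it
# before it is handed to auditctl -R or augenrules. Paths and keys are
# illustrative choices; adjust them to your own baseline.
set -eu

# Print a complete rules file on stdout. Order matters: control rules first,
# "-e 2" (immutable) last, because nothing can be loaded after it.
generate_audit_rules() {
  cat <<'EOF'
## Control rules
# flush every rule loaded earlier so this file is the single source of truth
-D
# kernel backlog: events buffered while auditd is busy (too small = lost events)
-b 8192
# failure mode: 0 silent, 1 printk, 2 panic (2 when losing events is unacceptable)
-f 1
# rate limit in messages/second, 0 = unlimited
-r 0

## File system (watch) rules: -w <path> -p <r|w|x|a> -k <key>
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k scope
-w /etc/sudoers.d/ -p wa -k scope
-w /usr/bin/sudo -p x -k privileged
-w /sbin/insmod -p x -k modules
-w /sbin/modprobe -p x -k modules

## System call rules: -a <action>,<list> -F <filter> -S <syscall> -k <key>
# auid>=1000 restricts to real logged-in users; auid!=4294967295 drops
# processes whose login UID is unset (daemons started at boot)
-a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k root_exec
-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -k modules
-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access

## Lock the configuration until the next reboot (must be the last line)
-e 2
EOF
}

# Return the active rules only (no comments, no blank lines), in file order.
active_rules() {
  grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Lint a rules file. Exit status 0 = acceptable, 1 = a problem was printed.
lint_audit_rules() {
  local file=$1 rules
  rules=$(active_rules "$file")

  if [ "$(printf '%s\n' "$rules" | head -n 1)" != "-D" ]; then
    echo "lint: first rule must be -D (flush old rules)" >&2; return 1
  fi
  if [ "$(printf '%s\n' "$rules" | tail -n 1)" != "-e 2" ]; then
    echo "lint: -e 2 must be the last rule, or the set is not immutable" >&2; return 1
  fi
  # A syscall rule without -F arch= is ambiguous on a multi-ABI kernel and
  # auditctl warns about it; pin the ABI explicitly (one line per ABI).
  if printf '%s\n' "$rules" | grep -E '^-a ' | grep -Evq -- '-F arch=b(32|64)'; then
    echo "lint: every -a rule needs -F arch=b32 or -F arch=b64" >&2; return 1
  fi
  # Without a key, ausearch -k / aureport -k cannot find the events later.
  if printf '%s\n' "$rules" | grep -E '^-(a|w) ' | grep -Evq -- ' -k [A-Za-z0-9_-]+$'; then
    echo "lint: every -a/-w rule needs a -k key" >&2; return 1
  fi
  return 0
}

# Summarise how many rules of each class a file contains.
count_audit_rules() {
  active_rules "$1" | awk '
    /^-[Dbfr]( |$)/ { control++ }
    /^-w /          { watch++ }
    /^-a /          { syscall++ }
    /^-e 2$/        { immutable++ }
    END { printf "control=%d watch=%d syscall=%d immutable=%d\n", control, watch, syscall, immutable }'
}
```

To deploy on a real host, write the generated file to /etc/audit/rules.d/50-hardening.rules, run the lint, then load it with `augenrules --load` as root. Once -e 2 has been applied, further changes (including fixing a typo) need a reboot, which is exactly why the lint runs first.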

The Need for auditd Configuration

Default Linux audit logging is adequate for basic compliance purposes but not for building security detections: most distributions ship auditd with little more than the control rules loaded and no watches at all. auditd is the user-space daemon that receives events from the kernel's audit subsystem and, once rules are loaded, records detailed information about user and group modifications, logon activity, use of privileged commands, administrator actions, and kernel module loading and unloading. Searching and reporting on these events (with ausearch and aureport locally, or in a SIEM) helps identify malicious or anomalous activity and shows how intruders and malware actually operate on your hosts.

Examples of attacker techniques, grouped by ATT&CK tactic, that this level of audit detail helps surface:

Execution                 | Persistence                 | Exfiltration
--------------------------|-----------------------------|----------------------------------------
Module Loading            | Application Shimming        | Data Compression
Powershell Execution      | BITS Jobs                   | Data Encryption
Scripting                 | DLL Search Order Hijacking  | Exfiltration Over Alt Protocol & CNC
Service Execution         | Local Job Scheduling        | Remote Access Tools
User Execution            | Logon Scripts               | Remote File Copy
Linux Remote Management   | Scheduled Tasks             | Scheduled Transfer
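The paragraph above says auditd records privileged commands, logon activity and module activity and that reporting on them surfaces anomalies. The script below is an added example (not code from the original page or from MegaplanIT) of what that reporting step looks like when done by hand: an awk-based detector run over audit records. The records are constructed to mirror the field layout of /var/log/audit/audit.log lines for the kinds of rule keys an administrator might choose (root_exec, modules, access, identity); every timestamp, PID, UID and address in them is made up.

```shell
#!/usr/bin/env bash
# Added example (not part of the original page): a small detector run over
# auditd records. The records below are CONSTRUCTED to mirror the shape of
# /var/log/audit/audit.log lines; timestamps, PIDs and addresses are made up.
set -eu

sample_audit_log() {
  cat <<'EOF'
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=2101 pid=2102 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="id" exe="/usr/bin/id" key="root_exec"
type=EXECVE msg=audit(1700000000.101:501): argc=1 a0="id"
type=SYSCALL msg=audit(1700000000.202:502): arch=c000003e syscall=175 success=yes exit=0 ppid=2101 pid=2110 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="insmod" exe="/usr/sbin/insmod" key="modules"
type=SYSCALL msg=audit(1700000000.303:503): arch=c000003e syscall=257 success=no exit=-13 ppid=2201 pid=2202 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key="access"
type=PATH msg=audit(1700000000.303:503): item=0 name="/etc/shadow" inode=131 dev=fd:01 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=CONFIG_CHANGE msg=audit(1700000000.404:504): auid=1000 ses=3 op=remove_rule key="identity" list=4 res=1
type=USER_LOGIN msg=audit(1700000000.505:505): pid=2300 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000000.606:506): pid=2310 uid=0 auid=1000 ses=5 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=/dev/pts/2 res=success'
EOF
}

# Read audit records on stdin and print one finding per interesting record.
detect_audit_events() {
  awk '
    # field(name): value of name=... whether quoted or bare; "" if absent.
    # The (^| ) anchor stops "uid=" from matching inside "auid=" or "fsuid=".
    function field(name,    re, v) {
      re = "(^| )" name "=(\"[^\"]*\"|[^ ]*)"
      if (match($0, re)) {
        v = substr($0, RSTART, RLENGTH)
        sub(/^ ?[^=]*=/, "", v)
        gsub("[\"\047]", "", v)
        return v
      }
      return ""
    }
    $1 == "type=SYSCALL" {
      k = field("key")
      # a non-root login UID ended up executing as root: privileged command use
      if (k == "root_exec")
        print "ALERT root_exec auid=" field("auid") " exe=" field("exe")
      # kernel module loading or unloading by any user
      else if (k == "modules")
        print "ALERT modules auid=" field("auid") " exe=" field("exe") " syscall=" field("syscall")
      # denied access to a watched file: noisy, so informational only
      else if (k == "access" && field("success") == "no")
        print "INFO access_denied auid=" field("auid") " exe=" field("exe")
      next
    }
    # any change to the live rule set is suspicious when -e 2 is expected
    $1 == "type=CONFIG_CHANGE" {
      print "ALERT config_change auid=" field("auid") " op=" field("op") " key=" field("key")
      next
    }
    $1 == "type=USER_LOGIN" && field("res") == "failed" {
      print "ALERT failed_login acct=" field("acct") " addr=" field("addr")
      next
    }
  '
}

# Number of ALERT lines for the records on stdin.
count_alerts() {
  detect_audit_events | grep -c '^ALERT' || true
}
```

On a live host the same function reads the log directly (`detect_audit_events < /var/log/audit/audit.log`) or the output of `ausearch --raw`. The point of carrying auid rather than uid in every finding is the one the article makes about accountability: uid=0 tells you a command ran as root, auid tells you which human logged in to do it.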

Automating auditd Policy Configuration

Advanced Auditing: Automatically configure your local audit policy to comply with the CIS security baseline.

CentOS 7 and Ubuntu 16 Support: Out-of-the-box support for CentOS 7 and Ubuntu 16.04; minor modifications are needed for other distributions.

Deploy in Seconds: Copy and paste 3 lines of bash into a root terminal to configure everything.

Looking for a knowledgeable partner for your cybersecurity and compliance efforts? We're Here To Help!

We look forward to talking to you about your upcoming Security Test, Compliance Assessment, and Managed Security Services priorities. Our expert security consultants and QSAs are fully certified and have decades of experience helping businesses like yours stay safe from cyber threats. Set up a time to chat with us about your biggest payment security and compliance challenges so we can partner with you to solve them!
