Simple Linux Auditing

Submitted by sudhagud on Wed, 2012-01-25 17:12. :: Linux


Basic Linux system auditing can be tedious: the data has to be gathered from many different places, and the raw output is scattered and not very readable. This led me to start a small open source project of simple BASH scripts that do the job nicely.

The code and tarball can be downloaded from Google Code or from SourceForge, and the project website links to the documentation, help, installation notes and code.

The Auditor utilities can be copied or extracted into /usr/local/bin, which is on the PATH in most Linux distributions. Because they run as root, read through the scripts before installing them. The utilities work with current versions of RHEL, Fedora, CentOS, openSUSE, Ubuntu, Debian and Slackware.

 

Download And Install

Run the following at a shell prompt as root. The scripts themselves refuse to run as anyone but root and allow only one instance to run at a time:

# wget http://linux-easy-admin-utilities.googlecode.com/files/linux-easy-admin-util-v0.2.tar.gz
# tar -zxvf linux-easy-admin-util-v0.2.tar.gz
# cp easy-admin/* /usr/local/bin/
# adtdepchk

adtdepchk does a dependency check: it verifies that the commands the utilities need (ip, grep, awk, netstat etc., most of which are part of the base system) are installed.
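As an added example (not code from the linux-easy-admin-utilities project), the following POSIX shell functions show the three preconditions described above: a dependency check over a list of commands, a root check, and a single-instance lock. The command list, the lock path and the --run switch are assumptions made for the example, not something the project documents.

```shell
#!/bin/sh
# Added example in the style of adtdepchk; not the project's own code.

# check_deps CMD...: return 0 if every command is on PATH, else list the
# missing ones on stderr and return 1.
check_deps() {
    missing=""
    for cmd in "$@"; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            missing="$missing $cmd"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing dependencies:$missing" >&2
        return 1
    fi
    return 0
}

# require_root: return 0 only when the effective uid is 0.
require_root() {
    [ "$(id -u)" -eq 0 ]
}

# acquire_lock [DIR]: single-instance guard. mkdir is atomic, so a second
# instance fails to create the same directory. The default lock path is an
# assumption for this example; the lock is removed when the script exits.
acquire_lock() {
    lockdir="${1:-/run/lock/easy-admin.lock}"
    if mkdir "$lockdir" 2>/dev/null; then
        trap 'rmdir "$lockdir"' EXIT
        return 0
    fi
    echo "another instance is already running (lock: $lockdir)" >&2
    return 1
}

# Run the checks against the live system only when invoked with --run,
# e.g.: sh depchk.sh --run  (the tool list is an assumption from the article).
if [ "${1:-}" = "--run" ]; then
    require_root || { echo "this script must run as root" >&2; exit 1; }
    acquire_lock || exit 1
    check_deps ip grep awk netstat && echo "all dependencies present"
fi
```

The lock uses a directory rather than a file because mkdir either creates it or fails, with no window in which two instances both believe they own the lock.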

This prints a list of any missing dependencies. The available auditors (their features are explained at the end of the page) and their syntax are:

genadtchk [ -h -v  -c ]
dskadtchk [ -a -h -v -c ]
fsadtchk [-a -h -v -c ]
netadtchk [-a -h -v -c ]
usradtchk [-c -h -v ]

The audited data is written to a file under /tmp/<utility folder>/filename, and a tmp folder cleaner is provided. Keep in mind that /tmp is shared with every local user, so check the permissions on that folder if the audit output should not be readable by others.

An additional utility bundled with the package is a password generator:

pwgen

Note that it has the same name as the pwgen utility packaged by most distributions; since /usr/local/bin usually comes before /usr/bin in the PATH, the bundled copy will shadow the packaged one.

 

Download

http://code.google.com/p/linux-easy-admin-utilities/
http://sourceforge.net/projects/lnxesyadmutil/

Website:
http://linux-easy-admin-utilities.blogspot.com/

 

Features

genadtchk - General Audit Checker: generates a short overview of the system. Basic system, memory, disk, file system and network data are audited.

dskadtchk - Disk Audit Checker: generates comprehensive information about the system's disks and storage: disks present at boot time, the partitions they contain, partitions in use, removable disks, capacity and free capacity, etc.

fsadtchk - File System Audit Checker: generates comprehensive information about file system usage: currently mounted file systems, total available space, type, size, free space, and the largest folder or file on each file system.

netadtchk - Network Audit Checker: generates comprehensive information about the network interfaces (hardware, virtual, local and other), the firewall and its status, the outgoing firewall status, processes that currently hold listening sockets, a port / IP / process / executable table, IPv4/IPv6 features, forwarding and masquerading.
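The port / IP / process / executable table that netadtchk produces can be built from the output of `ss -ltnp`. The shell functions below are an added example, not the project's own code: the three `ss`-style lines are constructed so the parser can run without root, the --run switch is an assumption for the example, and the `with_exe` helper resolves the executable through /proc, which works only for processes that actually exist and, for other users' processes, only as root.

```shell
#!/bin/sh
# Added example, not netadtchk's own code: listening-socket table from ss.

# Constructed sample in the layout of `ss -ltnp` (not captured from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=843,fd=3))
LISTEN 0      511    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=512,fd=7))
LISTEN 0      4096   [::]:22             [::]:*            users:(("sshd",pid=843,fd=4))'

# listen_table: read ss -ltnp style lines on stdin, print "ip port process pid"
# for every LISTEN row. The header row is skipped; rows without process
# information (ss run as an unprivileged user) get "-" for process and pid.
listen_table() {
    awk 'NR > 1 && $1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        # everything before the last ":" is the address ("0.0.0.0", "[::]", ...)
        ip = substr($4, 1, length($4) - length(port) - 1)
        proc = "-"; pid = "-"
        if (match($0, /\("[^"]+",pid=[0-9]+/)) {
            m = substr($0, RSTART + 2, RLENGTH - 2)   # e.g. sshd",pid=843
            split(m, b, "\",pid=")
            proc = b[1]; pid = b[2]
        }
        printf "%s %s %s %s\n", ip, port, proc, pid
    }'
}

# with_exe: append the executable path behind each pid via /proc/<pid>/exe;
# "?" when it cannot be resolved (no such process, or insufficient rights).
with_exe() {
    while read -r ip port proc pid; do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo '?')
        printf '%s %s %s %s %s\n' "$ip" "$port" "$proc" "$pid" "$exe"
    done
}

# Live run against the local system: sh listen.sh --run
if [ "${1:-}" = "--run" ]; then
    ss -ltnp | listen_table | with_exe
fi
```

Running the table as root matters twice here: `ss -p` only shows process owners for your own sockets otherwise, and /proc/<pid>/exe of another user's process is not readable without privilege.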


Submitted by imid (not registered) on Wed, 2012-02-01 20:53.

The scripts had issues with recognizing Red Hat servers; it was using `grep -i rhel`, which is not in /proc/version. Maybe the scripts should use "red" or "red hat", or look in /etc/redhat-release for "red" or "red hat".
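An added example of the approach the comment above suggests, written for this page and not taken from the project: detect the distribution family from release files rather than from /proc/version. Besides /etc/redhat-release it also reads /etc/os-release (the ID and ID_LIKE fields), which the comment does not mention. The optional root-prefix argument and the --run switch are assumptions made so the function can be exercised against constructed files.

```shell
#!/bin/sh
# Added example, not code from linux-easy-admin-utilities.

# detect_distro [ROOT]: print "redhat", "debian", "suse" or "unknown" based on
# the release files under ROOT (default "/"). Returns 1 for "unknown".
detect_distro() {
    root="${1:-/}"
    root="${root%/}"
    # /etc/os-release is the common modern source. Only the ID and ID_LIKE
    # lines are read; the file is not sourced, so its contents cannot run
    # commands in a root shell.
    if [ -r "$root/etc/os-release" ]; then
        id=$(sed -n 's/^ID=//p' "$root/etc/os-release" | tr -d '"')
        like=$(sed -n 's/^ID_LIKE=//p' "$root/etc/os-release" | tr -d '"')
        case " $id $like " in
            *" rhel "*|*" centos "*|*" fedora "*) echo redhat; return 0 ;;
            *" debian "*|*" ubuntu "*)           echo debian; return 0 ;;
            *" suse "*|*" opensuse "*)           echo suse;   return 0 ;;
        esac
    fi
    # Older Red Hat family systems only ship /etc/redhat-release.
    if [ -r "$root/etc/redhat-release" ] &&
       grep -qiE 'red hat|centos|fedora' "$root/etc/redhat-release"; then
        echo redhat; return 0
    fi
    if [ -r "$root/etc/debian_version" ]; then
        echo debian; return 0
    fi
    echo unknown
    return 1
}

# Detect the live system: sh detect.sh --run
if [ "${1:-}" = "--run" ]; then
    detect_distro
fi
```

Matching on ID_LIKE is what makes derivatives work: CentOS and Rocky report ID_LIKE="rhel fedora", Ubuntu reports ID_LIKE=debian, so a new derivative does not need a new grep pattern.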

Submitted by Molinero (not registered) on Tue, 2012-01-31 14:33.

A little mistake: change

dksadtchk [ -a -h -v -c ]

to

dskadtchk [ -a -h -v -c ]

Submitted by Joe (not registered) on Mon, 2012-01-30 04:14.

What is wrong with logwatch? This creates detailed information and sends the output to your mailbox.

Not that there is no room for more tools, just that you said...

"Basic Linux system auditing is a bit tricky and data collected and information of that is out of place and readability is not that good."

And that is not entirely true if you know where to look :)

Joe

Submitted by Luigi (not registered) on Thu, 2012-01-26 00:04.

Not dksadtchk but dskadtchk :-) Thanks for your very useful scripts.