YAAT - Yet Another Audit Tool – Command Line Auditing

We want to know who is typing which commands into our firewalls. Because we are using RADIUS auth, all users are “non_local” users in the Linux audit facility… and it was a big beast I did not want to dink with. So I wrote my own one-liner.

AND because we are using GAIA, the syslog file kept getting overwritten on every reboot.

THIS script, auditcommands.sh, solves both problems.
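The script itself is not reproduced on the page, so the following is an added example of the approach (not the author's auditcommands.sh): a bash hook that records every interactive command with the login name to a file on persistent storage, so the records survive the syslog reset on reboot described above. Assumptions: the log path is a placeholder, and `logname` is used for the login name; how the RADIUS username actually reaches the shell on GAIA is not stated on the page.

```shell
#!/bin/bash
# Added example, not the author's auditcommands.sh.
# Assumption: AUDIT_LOG is a placeholder path on a persistent filesystem.
AUDIT_LOG="${AUDIT_LOG:-/var/log/cmdaudit/commands.log}"

# Strip the entry number that `history 1` prints: "  123  fw stat" -> "fw stat".
strip_history_number() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*[0-9][0-9]*[[:space:]]*//'
}

# Build one audit record: timestamp, login user, tty, command (newlines folded
# so every record stays on a single line).
format_audit_line() {
    ts="$1"; user="$2"; tty="$3"; cmd="$4"
    printf '%s user=%s tty=%s cmd=%s\n' "$ts" "$user" "$tty" \
        "$(printf '%s' "$cmd" | tr '\n' ' ')"
}

# Hook run from PROMPT_COMMAND. The prompt fires after every Enter, including
# an empty one, so a command is logged only when the history number advanced.
audit_last_command() {
    entry="$(history 1)"
    num="$(printf '%s\n' "$entry" | awk '{print $1}')"
    [ -n "$num" ] && [ "$num" != "${AUDIT_LAST_NUM:-}" ] || return 0
    AUDIT_LAST_NUM="$num"
    cmd="$(strip_history_number "$entry")"
    # Assumption: logname returns the login name from utmp; fall back to $USER.
    user="$(logname 2>/dev/null || printf '%s' "${USER:-unknown}")"
    tty="$(tty 2>/dev/null || echo notty)"
    format_audit_line "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$user" "$tty" "$cmd" \
        >> "$AUDIT_LOG"
}

# Install the hook in interactive shells only (source this from a system-wide
# bashrc); readonly keeps a user from unsetting it mid-session.
case $- in
    *i*)
        mkdir -p "$(dirname "$AUDIT_LOG")" 2>/dev/null
        PROMPT_COMMAND="audit_last_command${PROMPT_COMMAND:+;$PROMPT_COMMAND}"
        readonly PROMPT_COMMAND
        ;;
esac
```

The file under AUDIT_LOG should be root-owned and append-only (or shipped to a remote syslog) if the users being audited have shell access to it.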


Audit ON!

dreez


Comments

  • Jonas Hauge  On October 28, 2014 at 4:04 am

    Hi Dreez,

    Thanks for the input on this problematic issue which Check Point has a hard time handling when looking at core infrastructure.

    I haven’t tested it myself, but wouldn’t it be enough to add “export BASH_LOGGER=ON” in /etc/bashrc? Or does it still lack the RADIUS username?

    If I can find the time I will test it later this week.


    Regards, Jonas

    • Dreezman  On October 28, 2014 at 5:28 pm

      Hey There,

      Not familiar with it. Sorry. Let us know!

      dreez

  • Jonas Hauge  On October 28, 2014 at 8:38 pm

    Ok, update. BASH_LOGGER=ON in /etc/bashrc will just log all commands to /var/log/messages under the ‘admin’ username. Only usable if there are only local users on the GAiA systems.

    /Jonas

  • Dreezman  On October 28, 2014 at 9:43 pm

    Cool, thanks for the update. We probably could get it working if we dug deep enough, but my 1 liner works.

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.