I have recently been tasked to create a script that will daily check our firewalls for any security issues that might have happened. I am not very strong with Unix so I need a lot of help and don't know where to start.
Some things I have thought of so far: I want to search the audit.raw files for any occurrence of an admin account being changed. I also want to look for DNS lookups or port 80 GET requests that are over 64k in size.
I was thinking I could run the script in a cron job. Is that the best way?
My bosses would also like some kind of output that they can look at and understand.
I am sure there are a lot more things I should be looking for. Has anyone done something like this already or know a good place for me to start researching commands for this kind of task? Thank you in advance for any help you can offer.
Last edited by soccerfan; 12-15-2011 at 05:52 AM..
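A starting point for the checks described in the post, as an added example that is not the poster's script: it counts admin-account changes and oversized DNS/port-80 events in a log file and prints a short summary suitable for a daily cron mail. The log line layout, the event names and the fwcheck.sh path in the cron comment are assumptions, since the post does not give the firewall's audit.raw format.

```shell
#!/bin/sh
# Added example (not code from the thread). The log format below is CONSTRUCTED
# for illustration; real audit.raw files differ by firewall vendor, so adjust the
# field names/positions to match yours. Assumed line layout, space-separated:
#   <date> <time> <event> key=value ...   (keys used here: dport, bytes)
SIZE_LIMIT=65536   # the 64k threshold from the task description

# Write a small constructed sample log so the script can be tried offline.
make_sample_log() {
  cat > "$1" <<'EOF'
2011-12-15 01:02:03 admin_modify user=jdoe role=admin action=password_change
2011-12-15 01:05:10 dns_query proto=udp dport=53 bytes=120
2011-12-15 01:06:11 dns_query proto=udp dport=53 bytes=70000
2011-12-15 01:07:12 http_get proto=tcp dport=80 bytes=512
2011-12-15 01:08:13 http_get proto=tcp dport=80 bytes=98304
2011-12-15 01:09:14 login user=alice role=user
EOF
}

# Admin account changes: events whose type starts with "admin_" (assumed naming).
count_admin_changes() {
  grep -c '^[^ ]* [^ ]* admin_' "$1" || true   # grep -c still prints 0 on no match
}

# DNS lookups (dport 53) or port-80 requests whose byte count exceeds SIZE_LIMIT.
count_oversized() {
  awk -v limit="$SIZE_LIMIT" '
    { dport = ""; bytes = 0
      for (i = 4; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "dport") dport = kv[2]
        if (kv[1] == "bytes") bytes = kv[2] + 0
      }
      if ((dport == "53" || dport == "80") && bytes > limit) n++ }
    END { print n + 0 }' "$1"
}

# Plain-language summary for the daily report, listing the admin changes found.
daily_report() {
  printf 'Firewall daily check: %s\n' "$1"
  printf '  admin account changes     : %s\n' "$(count_admin_changes "$1")"
  printf '  oversized DNS/port-80 hits: %s\n' "$(count_oversized "$1")"
  grep '^[^ ]* [^ ]* admin_' "$1" | sed 's/^/    /'
}

# Run from cron once a day and mail the report (assumed paths):
#   0 6 * * * /usr/local/bin/fwcheck.sh /var/log/audit.raw | mail -s "Firewall daily check" you@example.com
# where fwcheck.sh calls: daily_report "$1"
```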
AUDIT_WARN(5)                 BSD File Formats Manual                 AUDIT_WARN(5)

NAME
     audit_warn -- alert when audit daemon issues warnings

DESCRIPTION
     The audit_warn script runs when auditd(8) generates warning messages.
     The default audit_warn is a script whose first parameter is the type of warning; the script appends its arguments to /etc/security/audit_messages. Administrators may replace this script: a more comprehensive one would take different actions based on the type of warning. For example, a low-space warning could result in an email message being sent to the administrator.

FILES
     /etc/security/audit_warn
     /etc/security/audit_messages

SEE ALSO
     audit(4), auditd(8)

HISTORY
     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS
     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BSD                              March 17, 2004                              BSD