Log File

Linux security: Reviewing log files

Log files are a precious collection of system events. Still, many people don't use them until they are really needed. Let's go from the reactive use of log files to a proactive stance.

Summary of Linux security: Reviewing log files

The Logging Dilemma

Capturing events helps in troubleshooting. By defining which events are ignored and which ones are logged, we get a quick overview of the status of a system. The dilemma is usually in how much logging is enough to get a fair picture and when it is too much.


PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

Linux users who want to be compliant with PCI DSS have to restrict log file viewing to only the owner. We have a look at how to discover log files which can be viewed by others.

Summary of PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

A.1.2.d Verify that viewing of log entries is restricted to the owning entity.

To limit exposure of information, PCI DSS requires that access to logging be restricted to only the entity owning that log file. In other words, we have to search for those entries which can be seen by others.

Search related log files

By default, most log files on Linux-based systems will be stored in /var/log. We can do a quick check for any files which are world-readable by using find.
