<div>Thanks Phil,</div><div><br></div><div><i>>>The first one that comes to mind is "sudo" + syslog on UNIX systems. Other than that, any of the MAC (Mandatory Access Control) systems >>on Unix/Linux would deliver 1 and 2 - systems like AppArmor will enforce and/or log access to resources by applications and users alike.</i><br>
<div><br></div><div>Yeah, though I was hoping for a piece of software or a tool that combines this, like say Nessus does for vulnerability assessment: not restricting one, but spotting irregularities, i.e. when 2-4 sysadmins are logged into the system. Instead of one having to type “w”, it automates this, and preferably works for both Linux and Windows.</div>
<div><br></div><div><i>>>If you're thinking about something else, or have a commercial tool you can cite as a reference, that might help orient the search :)</i></div><div><br></div><div>True, it kinda depends what I need done, but I guess what rancid also does for routers would work here. One is notified when a change is made and one can track it, and so has reference material to undo the change, etc. The commercial tools I have come across so far are:</div>
<div><ul><li>Consul InSight Security Manager</li><li>Oversight’s B-PUMA</li><li>Tizor’s Mantra</li><li>SANS-Logrhythm</li></ul></div><div>Though these are more designed for enterprises and thus bulky, likely quite expensive to buy or manage, and would be overkill for a SOHO/SMB.</div>
<div><br></div><div>--<br>Ismail</div><div><br></div><div> </div><div class="gmail_extra"><div class="gmail_quote">On 26 April 2012 11:55, Phil Regnauld <span dir="ltr"><<a href="mailto:regnauld@nsrc.org" target="_blank">regnauld@nsrc.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Ismail M. Settenda (ismail) writes:<br>
> Hi,<br>
><br>
> Anybody out there know any open source “Privileged User Monitoring and<br>
> Audit (PUMA)” solutions that would assist me say;<br>
><br>
</div>> 1. Know and detect escalation of privileges.<br>
> 2. Know if an unauthorized user gained access to and misused privileged<br>
> credentials?<br>
> 3.<br>
<div class="im">><br>
> Monitor the actions of these users for security and compliance reporting<br>
><br>
> Best regards<br>
<br>
</div> The first one that comes to mind is "sudo" + syslog on UNIX systems.<br>
<br>
Other than that, any of the MAC (Mandatory Access Control) systems on<br>
Unix/Linux would deliver 1 and 2 - systems like AppArmor will enforce and/<br>
or log access to resources by applications and users alike.<br>
<br>
Windows has similar built-in functionality, but I don't know of what<br>
tools are available in Open source form that would allow audit.<br>
<br>
Step 3 is more vague, as it might be based on rules that are not<br>
necessarily strictly enforceable.<br>
<br>
If you're thinking about something else, or have a commercial tool<br>
you can cite as a reference, that might help orient the search :)<br>
<br>
Cheers,<br>
Phil<br>
</blockquote></div><br></div></div>
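As an added illustration of the "sudo + syslog" route Phil suggests (example code written for this thread, not something either poster provided), the script below parses the lines sudo writes to syslog and flags denied escalation attempts and successful escalations by users outside an assumed allow-list; the log lines, host and user names are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sudo logs through syslog (host and users are made up).
SAMPLE_LOG = """\
Apr 26 11:55:01 srv1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Apr 26 11:56:12 srv1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Apr 26 11:57:40 srv1 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/bin/bash
Apr 26 11:58:03 srv1 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/su
Apr 26 11:59:30 srv1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=postgres ; COMMAND=/usr/bin/psql
"""

# Assumed allow-list of accounts that are expected to escalate privileges.
AUTHORIZED_ADMINS = {"alice"}

# A sudo syslog line is "<user> : [<problem> ; ]TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>".
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<problem>[^;]*?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def parse_sudo_events(log_text):
    """Return one dict per sudo line; 'ok' is False when sudo refused the request."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            event = m.groupdict()
            event["ok"] = event["problem"] is None
            events.append(event)
    return events


def find_alerts(events, authorized=AUTHORIZED_ADMINS):
    """Flag refused attempts and successful escalations by non-allow-listed users."""
    alerts = []
    for e in events:
        if not e["ok"]:
            alerts.append(("denied", e["user"], e["problem"]))
        elif e["user"] not in authorized:
            alerts.append(("unexpected_admin", e["user"], e["cmd"]))
    return alerts


def escalations_per_user(events):
    """Count successful escalations to root per invoking user (for a daily summary)."""
    counts = defaultdict(int)
    for e in events:
        if e["ok"] and e["target"] == "root":
            counts[e["user"]] += 1
    return dict(counts)
```

Feeding it the real `/var/log/auth.log` (or the journal's sudo entries) instead of the sample gives the "spot irregularities" behaviour asked for above, at least for the sudo-based part of the picture.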