[afnog] PUMA - Opensource solutions
Phil Regnauld
regnauld at nsrc.org
Thu Apr 26 08:55:12 UTC 2012
Ismail M. Settenda (ismail) writes:
> Hi,
>
> Anybody out there know any open source “Privileged User Monitoring and
> Audit (PUMA)” solutions that would assist me say;
>
> 1. Know and detect escalation of privileges.
> 2. Know if an unauthorized user gained access to and misused privileged
> credentials?
> 3. Monitor the actions of these users for security and compliance reporting
>
> Best regards

The first one that comes to mind is "sudo" + syslog on UNIX systems.

Other than that, any of the MAC (Mandatory Access Control) systems on
Unix/Linux would deliver 1 and 2 - systems like AppArmor will enforce and/or
log access to resources by applications and users alike.

Windows has similar built-in functionality, but I don't know what
tools are available in open source form that would allow audit.

Step 3 is more vague, as it might be based on rules that are not
necessarily strictly enforceable.

If you're thinking about something else, or have a commercial tool
you can cite as a reference, that might help orient the search :)

Cheers,
Phil
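
One way to act on the "sudo + syslog" suggestion in the reply above, as an added example that is not part of the original thread: a Python parser for sudo's syslog lines that separates denied attempts (points 1 and 2 of the question) from commands run as root (point 3). The sample log lines, host name and user names are constructed, and a BSD-style syslog timestamp is assumed.

```python
import re
from collections import Counter

# Constructed sample lines in sudo's usual syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 26 08:40:01 gw1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Apr 26 08:41:12 gw1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Apr 26 08:42:30 gw1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/passwd root
Apr 26 08:43:05 gw1 sudo:    alice : command not allowed ; TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Apr 26 08:44:19 gw1 sshd[912]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# BSD-style syslog prefix, then "sudo: <invoking user> : <fields>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:"
    r"\s+(?P<invoker>\S+) : (?P<body>.*)$")

def parse_sudo_line(line):
    """Parse one sudo syslog line into a dict, or return None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "host": m["host"], "invoker": m["invoker"], "denied": None}
    # sudo writes COMMAND= last and it may itself contain " ; ", so cut it off first.
    head, _, event["command"] = m["body"].partition("COMMAND=")
    for field in filter(None, (f.strip() for f in head.split(" ; "))):
        key, sep, value = field.partition("=")
        if sep:
            # USER= is the target account; keep it apart from the invoking user.
            event["runas" if key == "USER" else key.lower()] = value
        else:
            event["denied"] = field  # e.g. "user NOT in sudoers"
    return event

def audit(log_text):
    """Return (denied events, count of successful root commands per invoking user)."""
    denied, root_cmds = [], Counter()
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event is None:
            continue
        if event["denied"]:
            denied.append(event)
        elif event.get("runas") == "root":
            root_cmds[event["invoker"]] += 1
    return denied, root_cmds

if __name__ == "__main__":
    for e in audit(SAMPLE_LOG)[0]:
        print(e["ts"], e["host"], e["invoker"], "->", e["denied"], "|", e["command"])
```

Forwarding these lines to a remote syslog host keeps the record out of reach of an account that has already gained root on the monitored machine.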