[afnog] PUMA - Opensource solutions

Ismail M. Settenda ismail at habari.co.tz
Thu Apr 26 09:38:27 UTC 2012


Thanks Phil,

>> The first one that comes to mind is "sudo" + syslog on UNIX
>> systems. Other than that, any of the MAC (Mandatory Access Control) systems
>> on Unix/Linux would deliver 1 and 2 - systems like AppArmor will enforce
>> and/or log access to resources by applications and users alike.

Yeah, though I was hoping for a piece of software or a tool that combines this, like,
say, Nessus does for vulnerability assessment: not restricting one, but spotting
irregularities, i.e. when 2-4 sysadmins are logged into the system. Instead of
one having to type "w", it automates this, and preferably works for both
Linux and Windows.

>> If you're thinking about something else, or have a commercial tool you
>> can cite as a reference, that might help orient the search :)

True, it kinda depends on what I need done, but I guess what rancid also does
for routers would work here. One is notified when a change is made, and one
can track it and so has reference material to undo the change, etc. The commercial
tools I have come across so far are:

   - Consul InSight Security Manager
   - Oversight’s B-PUMA
   - Tizor’s Mantra
   - SANS-Logrhythm

Though these are more designed for enterprises and thus bulky, likely quite
expensive to buy or manage and would be overkill for a SOHO/SMB.

--
Ismail


On 26 April 2012 11:55, Phil Regnauld <regnauld at nsrc.org> wrote:

> Ismail M. Settenda (ismail) writes:
> > Hi,
> >
> > Anybody out there know any open source “Privileged User Monitoring and
> > Audit (PUMA)” solutions that would assist me say;
> >
> >    1. Know and detect escalation of privileges.
> >    2. Know if an unauthorized user gained access to and misused
> >       privileged credentials?
> >    3. Monitor the actions of these users for security and compliance
> >       reporting
> > Best regards
>
>        The first one that comes to mind is "sudo" + syslog on UNIX
>        systems.
>
>        Other than that, any of the MAC (Mandatory Access Control) systems on
>        Unix/Linux would deliver 1 and 2 - systems like AppArmor will
>        enforce and/or log access to resources by applications and users alike.
>
>        Windows has similar built-in functionality, but I don't know of what
>        tools are available in Open source form that would allow audit.
>
>        Step 3 is more vague, as it might be based on rules that are not
>        necessarily strictly enforceable.
>
>        If you're thinking about something else, or have a commercial tool
>        you can cite as a reference, that might help orient the search :)
>
>        Cheers,
>        Phil
>
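As an added example (not code from the thread or from any of the tools named in it), here is a small Python check in the spirit of Phil's "sudo" + syslog suggestion and Ismail's wish to automate what `w` shows: it reads constructed auth.log lines, flags sudo use by accounts outside an assumed approved-admin list, flags sudo into an interactive root shell (after which sudo no longer records the individual commands), and flags more concurrent SSH sessions than an assumed threshold. The log lines, user names and threshold are all constructed for the example.

```python
import re

# Constructed sample auth.log lines (syslog format); not taken from any real host.
SAMPLE_LOG = """\
Apr 26 09:01:12 host1 sshd[2001]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Apr 26 09:02:40 host1 sshd[2002]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Apr 26 09:03:05 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Apr 26 09:04:11 host1 sshd[2003]: pam_unix(sshd:session): session opened for user carol by (uid=0)
Apr 26 09:05:30 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Apr 26 09:06:02 host1 sudo:  mallory : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Apr 26 09:07:45 host1 sshd[2001]: pam_unix(sshd:session): session closed for user alice
"""

# Assumed list of accounts allowed to use sudo on this host (constructed).
APPROVED_ADMINS = {"alice", "bob", "carol"}

# Standard sudo and pam_unix(sshd:session) line shapes as written to syslog.
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
SESSION_RE = re.compile(r"pam_unix\(sshd:session\): session (?P<state>opened|closed) for user (?P<user>\S+)")
# Programs that give an interactive shell; sudo logs only this invocation, not what follows.
SHELLS = {"/bin/bash", "/bin/sh", "/usr/bin/bash", "/bin/su", "/usr/bin/su"}


def audit(lines, approved_admins, max_concurrent=1):
    """Return a list of (timestamp, alert) tuples for the given auth.log lines."""
    alerts = []
    active = set()  # users with an open SSH session, in log order
    for line in lines:
        stamp = line[:15]  # "Mon DD HH:MM:SS" prefix of a syslog line
        m = SUDO_RE.search(line)
        if m:
            user, target, cmd = m.group("user", "target", "cmd")
            if user not in approved_admins:
                alerts.append((stamp, f"sudo by unapproved user {user} -> {target}: {cmd}"))
            prog = cmd.split()[0] if cmd.split() else ""
            if prog in SHELLS:
                alerts.append((stamp, f"{user} opened an interactive {target} shell; later commands are not in the sudo log"))
            continue
        m = SESSION_RE.search(line)
        if m:
            user, state = m.group("user", "state")
            if state == "opened":
                active.add(user)
                if len(active) > max_concurrent:
                    alerts.append((stamp, f"{len(active)} users logged in at once: {sorted(active)}"))
            else:
                active.discard(user)
    return alerts


ALERTS = audit(SAMPLE_LOG.splitlines(), APPROVED_ADMINS)

if __name__ == "__main__":
    for stamp, text in ALERTS:
        print(stamp, text)
```

On a real host the same function can be fed `/var/log/auth.log` (or the syslog file sudo writes to) and run from cron, which is the "no need to type w" automation the thread is after.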