From: Steve Grubb
Subject: Re: Audit class/lab
Date: Mon, 31 Aug 2015 10:15:15 -0400
Message-ID: <1950995.dxtZu9qf9s@x2>
References: <1604626.3lxFnqoXVB@x2>
In-Reply-To: <1604626.3lxFnqoXVB@x2>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
> Hello,
>
> I normally don't put the word out about speeches I give, or things like
> that. But I am going to be teaching a hands-on audit class to demonstrate
> how to configure, set up rules, and do searching and reporting using the
> native linux audit tools.
>
> The lab will be part of the Defence in Depth conference in Washington
> (Tyson's Corner, VA) on Sept 1. It's free, you just have to register. More
> info:
>
> http://www.redhat.com/en/about/events/2015-defense-depth
>
> I will be going over new features that aid insider threat detection and
> signs of intrusion in addition to basics. Bring your questions and
> problems, let's talk.

For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis, they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.

http://people.redhat.com/sgrubb/files/lab.tar.gz

I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.

Thanks,
-Steve