mario juliano grande-balletta
2021-Jul-09 12:14 UTC
[CentOS] Auditing all Linux clients with centralised server
This is what I remember about evil Microsoft...............................

In 1992, Microsoft released Windows NT, and advertised it as the greatest operating system and began giving away free licenses to colleges and universities and hiring public relations firms to publish phony surveys and results to prove Windows NT was better than Novell NetWare or any other OS. Meanwhile, it took 4 years for Microsoft to finally install Windows NT at their HQ in Redmond, Washington. Why so long? Because they were successfully running Novell NetWare, the same NetWare that Microsoft was slowly destroying with FUD in the tech journals and media with phony surveys.

Someone here said a leopard never changes his spots, KUDOS Sir!

Microsoft is a cancer, a cancer to freedom, a cancer to innovation and always was, who didn't they destroy back in the 90's and early 2000's? They stole Word from WordPerfect, they stole Office from Borland, and Excel was plagiarized from Lotus 1-2-3.

Microsoft deserves to be hacked and destroyed and is the epitome of the most evil and treacherous an American corporation can become.................

I HATE MICROSOFT and so do many others who survived their FUD tactics from the 90's. Some of you weren't even born yet...............

I know Gates and Ballmer and company all too well....long before the documentaries "Pirates Of Silicon Valley" and "Triumph Of The Nerds".

Any efforts they make toward linux are for control and never for freedom or innovation. Control, power, greed are their only goals, always.

WAKE UP!

On Fri, 2021-07-09 at 09:25 +0200, Ralf Prengel wrote:
> Quoting Kaushal Shriyan <kaushalshriyan at gmail.com>:
> Hi,
> I have 20 Linux servers in the network. Is there a way to audit all Linux clients using a centralized server? For example, what commands are run by John on Linuxnode1? Steve on Linuxnode15? and so on and so forth to track user activity. Which files have been modified or edited or commands etc...... by the users.
> I have installed auditd, but it is local to the Linux server. Thanks in advance.
>
> Hello, what about ansible, for example?
> Ralf
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
mario juliano grande-balletta
2021-Jul-09 12:47 UTC
[CentOS] Auditing all Linux clients with centralised server
Before anyone mentions "charity" and Bill Gates foundation............ just remember how many good technology companies and software that Microsoft destroyed with FUD tactics in the 80's, 90's, and 2000's......... charity begins at home they say in America........... what about those few million employees who lost jobs, homes, cars, savings because Microsoft destroyed their companies? what about them? where was their charity?

In America it's all too common to use treachery, dishonesty in business and politics to climb to the top, and destroy competition, and then pretend to give to charitable causes... pure hypocrisy........blatant hypocrisy

I for one cannot be bought, never...... as a veteran and so many other things, I will never surrender to corporate bullying from anyone, including Amazon, I left AWS for similar reasons..........

I am proud to say I have not used a Windows OS since 1995............and still refuse to this day to allow any Microsoft devices to attach to my SOHO networks... same for Apple and IBM and Oracle......... freedom is more than an idea, more than a principle, it is a lifestyle too!

On Fri, 2021-07-09 at 08:14 -0400, mario juliano grande-balletta wrote:
> This is what I remember about evil Microsoft...............................
> In 1992, Microsoft released Windows NT, and advertised it as the greatest operating system and began giving away free licenses to colleges and universities and hiring public relations firms to publish phony surveys and results to prove Windows NT was better than Novell NetWare or any other OS. Meanwhile, it took 4 years for Microsoft to finally install Windows NT at their HQ in Redmond, Washington. Why so long? Because they were successfully running Novell NetWare, the same NetWare that Microsoft was slowly destroying with FUD in the tech journals and media with phony surveys.
> Someone here said a leopard never changes his spots, KUDOS Sir!
> Microsoft is a cancer, a cancer to freedom, a cancer to innovation and always was, who didn't they destroy back in the 90's and early 2000's? They stole Word from WordPerfect, they stole Office from Borland, and Excel was plagiarized from Lotus 1-2-3.
> Microsoft deserves to be hacked and destroyed and is the epitome of the most evil and treacherous an American corporation can become.................
> I HATE MICROSOFT and so do many others who survived their FUD tactics from the 90's. Some of you weren't even born yet...............
> I know Gates and Ballmer and company all too well....long before the documentaries "Pirates Of Silicon Valley" and "Triumph Of The Nerds".
> Any efforts they make toward linux are for control and never for freedom or innovation. Control, power, greed are their only goals, always.
> WAKE UP!
>
> On Fri, 2021-07-09 at 09:25 +0200, Ralf Prengel wrote:
> > Quoting Kaushal Shriyan <kaushalshriyan at gmail.com>:
> > Hi,
> > I have 20 Linux servers in the network. Is there a way to audit all Linux clients using a centralized server? For example, what commands are run by John on Linuxnode1? Steve on Linuxnode15? and so on and so forth to track user activity. Which files have been modified or edited or commands etc...... by the users.
> > I have installed auditd, but it is local to the Linux server. Thanks in advance.
> >
> > Hello, what about ansible, for example?
> > Ralf
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
Stephen John Smoogen
2021-Jul-09 13:18 UTC
[CentOS] Auditing all Linux clients with centralised server
On Fri, 9 Jul 2021 at 08:14, mario juliano grande-balletta <mario.balletta at gmail.com> wrote:
>
> This is what I remember about evil Microsoft...............................
> In 1992, Microsoft released Windows NT, and advertised it as the greatest operating system and began giving away free licenses to

This is drifting off of being anywhere on-topic for this list.

--
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on BBS... time to reboot.
Jonathan Billings
2021-Jul-09 13:41 UTC
[CentOS] Auditing all Linux clients with centralised server
On Fri, Jul 09, 2021 at 08:14:06AM -0400, mario juliano grande-balletta wrote:
> WAKE UP!

<sarcasm>Whew, I needed a wake up call! I was falling asleep at my keyboard!</sarcasm>

In all seriousness, I think forwarding the audit logs works, and if you just want to track when users execute a program, you'll need to add an audit rule. I believe we had something like this in /etc/audit/rules.d/:

    -a exit,always -F arch=b64 -F euid>1000 -S execve
    -a exit,always -F arch=b32 -F euid>1000 -S execve

This captured all execve() syscalls for users with an effective User ID greater than 1000 (so as not to audit system processes). We didn't actually send it to a remote auditd server, though, because it was so chatty and we had a lot of users and workstations.

We had an Elasticsearch cluster and sent the audit logs directly with logstash and then Beaver (https://python-beaver.readthedocs.io/en/latest/). This was done because we had redundant ingesters and a cluster of ES servers so logs were less likely to be dropped. Then we had some simple frontends for the ES cluster to make it so we could quickly bring up what processes a user ran on what system. (The kibana interface is nice but too complex for a super simple query like that.)

Along with collecting OS statistics like load, memory use, etc., we could track what users ran and how much resources they used.

Of course, at this job, we dropped all that and switched to Crowdstrike Falcon, a commercial security tool that does largely the same thing but with a proprietary LSM.

--
Jonathan Billings <billings at negate.org>
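Added example (not part of the thread and not the poster's code): once execve records like those produced by the rules above reach a central collector, the original question of which user ran which command on which node comes down to joining each event's SYSCALL and EXECVE records. The sample lines are constructed, the `node=` prefix assumes `name_format` is set in auditd.conf on the clients, and `commands_by_user` and `decode` are illustrative names.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread), trimmed to the fields used here.
# The node= prefix assumes name_format is set in auditd.conf on each client.
SAMPLE = """\
node=linuxnode1 type=SYSCALL msg=audit(1625833446.123:4521): arch=c000003e syscall=59 success=yes exit=0 pid=2150 auid=1001 uid=1001 euid=1001 comm="ls" exe="/usr/bin/ls"
node=linuxnode1 type=EXECVE msg=audit(1625833446.123:4521): argc=2 a0="ls" a1="-la"
node=linuxnode15 type=SYSCALL msg=audit(1625833450.456:88): arch=c000003e syscall=59 success=yes exit=0 pid=950 auid=1002 uid=1002 euid=1002 comm="cat" exe="/usr/bin/cat"
node=linuxnode15 type=EXECVE msg=audit(1625833450.456:88): argc=2 a0="cat" a1=2F746D702F6D792066696C65
"""

HEADER = re.compile(r'^(?:node=(\S+) )?type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; unquoted ones are hex-encoded by audit."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex, e.g. (null)

def commands_by_user(log_text):
    """Return {(node, auid): [(epoch, argv), ...]} from raw audit records."""
    events = defaultdict(dict)  # records of one event share node + timestamp:serial
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        node, rtype, ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events[(node or "localhost", ts, serial)]
        if rtype == "SYSCALL":
            ev["auid"] = fields.get("auid")  # login UID, survives su/sudo
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode(fields[f"a{i}"]) for i in range(argc) if f"a{i}" in fields]
    result = defaultdict(list)
    for (node, ts, _serial), ev in sorted(events.items()):
        if "auid" in ev and "argv" in ev:
            result[(node, ev["auid"])].append((float(ts), ev["argv"]))
    return dict(result)

if __name__ == "__main__":
    for (node, auid), cmds in commands_by_user(SAMPLE).items():
        for ts, argv in cmds:
            print(node, auid, ts, argv)
```

The second sample event shows why the decoding step matters: an argument containing a space is logged as an unquoted hex string, so a plain text search for the file name would miss it.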