* Audit class/lab
From: Steve Grubb @ 2015-07-15 22:19 UTC
To: linux-audit
Hello,
I normally don't put the word out about speeches I give, or things like that.
But I am going to be teaching a hands-on audit class to demonstrate how to
configure, set up rules, and do searching and reporting using the native Linux
audit tools.
The lab will be part of the Defence in Depth conference in Washington (Tysons
Corner, VA) on Sept 1. It's free, you just have to register. More info:
http://www.redhat.com/en/about/events/2015-defense-depth
I will be going over new features that aid insider threat detection and signs
of intrusion in addition to basics. Bring your questions and problems, let's
talk.
-Steve
* Re: Audit class/lab
From: Smith, Gary R @ 2015-07-16 17:03 UTC
To: Steve Grubb, linux-audit
Hi Steve,
Any chance that your presentation would get recorded for later viewing
by those of us who have no budget for travel at the end of the fiscal year?
Best regards,
Gary Smith
* Re: Audit class/lab
From: Steve Grubb @ 2015-07-16 18:12 UTC
To: Smith, Gary R; +Cc: linux-audit
On Thursday, July 16, 2015 05:03:26 PM Smith, Gary R wrote:
> Any chance that your presentation would get recorded for later viewing
> by those of us who have no budget for travel at the end of the fiscal year?
This presentation will not be recorded. Slides will be available. I might do
something separately from this conference so that there's something people can
watch. But I expect the lab to be interactive where people can say, "We have
these requirements, what would be the best way to do it?" And sometimes,
there isn't a best way and I take notes to look into it more deeply.
-Steve
* Re: Audit class/lab
From: Burn Alting @ 2015-07-24 22:39 UTC
To: Steve Grubb; +Cc: linux-audit
Steve,
The agenda infers that to attend a lab, you must bring a wifi-capable
laptop with an SSH client installed.
Is this a requirement for your lab or just the Applied SCAP Lab?
Regards
* Re: Audit class/lab
From: Steve Grubb @ 2015-07-27 13:35 UTC
To: burn; +Cc: linux-audit
On Saturday, July 25, 2015 08:39:22 AM Burn Alting wrote:
> Steve,
>
> The agenda infers that to attend a lab, you must bring a wifi-capable
> laptop with an SSH client installed.
>
> Is this a requirement for your lab or just the Applied SCAP Lab?
It's not my requirement. However, since it will be about Linux auditing and
people are requested to have a laptop with a Linux image available, ssh client
should be there. Again, no plans for ssh right now.
-Steve
* Re: Audit class/lab
From: Steve Grubb @ 2015-08-31 14:15 UTC
To: linux-audit
On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
> Hello,
>
> I normally don't put the word out about speeches I give, or things like
> that. But I am going to be teaching a hands-on audit class to demonstrate
> how to configure, set up rules, and do searching and reporting using the
> native Linux audit tools.
>
> The lab will be part of the Defence in Depth conference in Washington
> (Tysons Corner, VA) on Sept 1. It's free, you just have to register. More
> info:
>
> http://www.redhat.com/en/about/events/2015-defense-depth
>
> I will be going over new features that aid insider threat detection and
> signs of intrusion in addition to basics. Bring your questions and
> problems, let's talk.
For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis; they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.
http://people.redhat.com/sgrubb/files/lab.tar.gz
I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.
Thanks,
-Steve