* Audit class/lab
From: Steve Grubb @ 2015-07-15 22:19 UTC
To: linux-audit

Hello,

I normally don't put the word out about speeches I give, or things like that.
But I am going to be teaching a hands-on audit class to demonstrate how to
configure, set up rules, and do searching and reporting using the native Linux
audit tools.

The lab will be part of the Defence in Depth conference in Washington (Tyson's
Corner, VA) on Sept 1. It's free, you just have to register. More info:

http://www.redhat.com/en/about/events/2015-defense-depth

I will be going over new features that aid insider threat detection and signs
of intrusion in addition to basics. Bring your questions and problems, let's
talk.

-Steve

* Re: Audit class/lab
From: Smith, Gary R @ 2015-07-16 17:03 UTC
To: Steve Grubb, linux-audit

Hi Steve,

Any chance that your presentation would get recorded for later viewing by
those of us who have no budget for travel at the end of the fiscal year?

Best regards,

Gary Smith

* Re: Audit class/lab
From: Steve Grubb @ 2015-07-16 18:12 UTC
To: Smith, Gary R; +Cc: linux-audit

On Thursday, July 16, 2015 05:03:26 PM Smith, Gary R wrote:
> Any chance that your presentation would get recorded for later viewing
> by those of us who have no budget for travel at the end of the fiscal year?

This presentation will not be recorded. Slides will be available. I might do
something separately from this conference so that there's something people can
watch. But I expect the lab to be interactive where people can say, "We have
these requirements, what would be the best way to do it?" And sometimes,
there isn't a best way and I take notes to look into it more deeply.

-Steve

* Re: Audit class/lab
From: Burn Alting @ 2015-07-24 22:39 UTC
To: Steve Grubb; +Cc: linux-audit

Steve,

The agenda infers that to attend a lab, you must bring a wifi-capable
laptop with an SSH client installed.

Is this a requirement for your lab or just the Applied SCAP Lab?

Regards

* Re: Audit class/lab
From: Steve Grubb @ 2015-07-27 13:35 UTC
To: burn; +Cc: linux-audit

On Saturday, July 25, 2015 08:39:22 AM Burn Alting wrote:
> Steve,
>
> The agenda infers that to attend a lab, you must bring a wifi-capable
> laptop with an SSH client installed.
>
> Is this a requirement for your lab or just the Applied SCAP Lab?

It's not my requirement. However, since it will be about Linux auditing and
people are requested to have a laptop with a Linux image available, ssh client
should be there. Again, no plans for ssh right now.

-Steve

* Re: Audit class/lab
From: Steve Grubb @ 2015-08-31 14:15 UTC
To: linux-audit

On Wednesday, July 15, 2015 06:19:30 PM Steve Grubb wrote:
> Hello,
>
> I normally don't put the word out about speeches I give, or things like
> that. But I am going to be teaching a hands-on audit class to demonstrate
> how to configure, set up rules, and do searching and reporting using the
> native Linux audit tools.
>
> The lab will be part of the Defence in Depth conference in Washington
> (Tyson's Corner, VA) on Sept 1. It's free, you just have to register. More
> info:
>
> http://www.redhat.com/en/about/events/2015-defense-depth
>
> I will be going over new features that aid insider threat detection and
> signs of intrusion in addition to basics. Bring your questions and
> problems, let's talk.

For anyone attending the class tomorrow, I have a tarball with some rules for
you to install. These rules are not exactly what I'd suggest running with on a
daily basis, they are intended to cause different kinds of events that we'll
talk about. Please install them before the class so that you have events to
see.

http://people.redhat.com/sgrubb/files/lab.tar.gz

I'd also suggest using Fedora 22 or RHEL7 or any distribution that's recent.
If you can, I'd also suggest using the most recent audit package.

Thanks,
-Steve