assistanz

Generate Audit reports in Linux


aureport utility

The aureport utility generates summary and columnar reports on the events recorded in Audit log files. By default, all audit.log files in the /var/log/audit/ directory are queried to create the report. To run the report against a different file, use the aureport -if file_name option. In most cases, however, logrotate is configured for the log files, so each log file is replaced at regular intervals, and the generated report covers only the period since the current log file started recording events.

How to generate audit reports using aureport

To generate a report for logged events in the past three days excluding the current example day, use the following command:

# aureport --start 04/12/2016 00:00:00 --end 06/12/2016 00:00:00

To generate a report of all executable file events, use the following command:

# aureport -x

To generate a summary of the executable file event report above, use the following command:

# aureport -x --summary

To generate a summary report of failed events for all users, use the following command:

# aureport -u --failed --summary -i

To generate a summary report of all failed login attempts per each system user, use the following command:

# aureport --login --summary -i

To generate a report from an ausearch query that searches all file access events for user 500, use the following command:

# ausearch --start today --loginuid 500 --raw | aureport -f --summary

To generate a report of all Audit files that are queried and the time range of events they include, use the following command:

# aureport -t

Track all the successful and failed login attempts

Example

All the login attempts made to your system are stored in /var/log/secure.

# grep root /var/log/secure
Sep 18 21:03:37 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Sep 18 21:05:36 localhost sshd[10297]: Accepted password for root from 192.168.1.58 port 63334 ssh2
Sep 18 21:05:36 localhost sshd[10297]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 18 21:08:26 localhost sshd[10549]: Accepted publickey for root from 192.168.1.58 port 36613 ssh2: RSA 1a:f7:cc:37:91:e2:a1:9a:f7:a5:96:1a:4b:22:15:94
Sep 18 21:08:26 localhost sshd[10549]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 18 21:08:28 localhost sshd[10549]: pam_unix(sshd:session): session closed for user root

To collect an authentication report for all the recent attempts made to your system, use the following command:

# aureport -au -i

Authentication Report
============================================
# date time acct host term exe success event
============================================
1. 09/18/2016 21:03:37 root ? tty1 /usr/bin/login yes 36
2. 09/18/2016 21:05:36 root 192.168.1.59 ssh /usr/sbin/sshd yes 54
3. 09/18/2016 21:05:36 root 192.168.1.59 ssh /usr/sbin/sshd yes 57
4. 09/18/2016 21:08:26 root 192.168.1.60 ? /usr/sbin/sshd yes 85
5. 09/18/2016 21:08:26 root 192.168.1.60 ? /usr/sbin/sshd yes 86
6. 09/18/2016 21:08:26 root 192.168.1.60 ssh /usr/sbin/sshd yes 89
7. 12/06/2016 23:21:59 root ? tty1 /usr/bin/login yes 36
8. 12/06/2016 23:24:12 root 192.168.1.60 ? /usr/sbin/sshd yes 53
9. 12/06/2016 23:24:12 root 192.168.1.60 ? /usr/sbin/sshd yes 54
10. 12/06/2016 23:24:12 root 192.168.1.60 ssh /usr/sbin/sshd yes 57

Collect all success reports

# aureport -au -i --success

Authentication Report
============================================
# date time acct host term exe success event
============================================
1. 09/18/2016 21:03:37 root ? tty1 /usr/bin/login yes 36
2. 09/18/2016 21:05:36 root 192.168.1.45 ssh /usr/sbin/sshd yes 54
3. 09/18/2016 21:05:36 root 192.168.1.45 ssh /usr/sbin/sshd yes 57
4. 09/18/2016 21:08:26 root 192.168.1.60 ? /usr/sbin/sshd yes 85
5. 09/18/2016 21:08:26 root 192.168.1.60 ? /usr/sbin/sshd yes 86
6. 09/18/2016 21:08:26 root 192.168.1.60 ssh /usr/sbin/sshd yes 89
7. 12/06/2016 23:21:59 root ? tty1 /usr/bin/login yes 36

Collect all failed reports

# aureport -au -i --failed

Authentication Report
============================================
# date time acct host term exe success event
============================================
1. 12/06/2016 23:25:10 root 192.168.1.45 ssh /usr/sbin/sshd no 73

Login Failures

# aureport -l --failed

Login Report
============================================
# date time auid host term exe success event
============================================
1. 09/18/2016 21:08:15 gopal 192.168.1.60 ssh /usr/sbin/sshd no 79
2. 12/06/2016 23:25:11 root 192.168.1.45 ssh /usr/sbin/sshd no 80
3. 12/07/2016 00:04:05 gopal 192.168.1.45 ssh /usr/sbin/sshd no 156
4. 12/07/2016 00:33:11 gopal 192.168.1.49 ssh /usr/sbin/sshd no 167
5. 12/07/2016 00:39:04 root 192.168.1.43 ssh /usr/sbin/sshd no 179
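
The failed-attempt reports above list one row per event; grouping the rows by account and source host shows where repeated failures come from. The script below is an added example, not part of the original article: the function names failed_by_source and sample_report and the sample rows are constructed for illustration, and it assumes the column layout shown in the reports above.

```shell
#!/bin/sh
# Added example: summarise failures from `aureport -au -i --failed`
# or `aureport -l --failed` output by account and source host.

# failed_by_source THRESHOLD
# Reads report text on stdin and prints "count acct host" for every
# acct/host pair with at least THRESHOLD failed events, highest first.
failed_by_source() {
    awk -v min="${1:-1}" '
        # Data rows start with "N."; headers and rulers are skipped.
        # Columns are read from the right (event, success, exe, term,
        # host) so an account field containing spaces does not shift them.
        $1 ~ /^[0-9]+\.$/ && NF >= 9 && $(NF-1) == "no" {
            acct = $4
            for (i = 5; i <= NF - 5; i++)
                acct = acct "_" $i
            n[acct " " $(NF-4)]++
        }
        END {
            for (k in n)
                if (n[k] >= min)
                    print n[k], k
        }
    ' | sort -k1,1nr -k2,3
}

# Constructed sample in the report layout shown above (not real data).
sample_report() {
    cat <<'EOF'
Login Report
============================================
# date time auid host term exe success event
============================================
1. 12/07/2016 00:04:05 gopal 192.168.1.45 ssh /usr/sbin/sshd no 156
2. 12/07/2016 00:04:09 gopal 192.168.1.45 ssh /usr/sbin/sshd no 158
3. 12/07/2016 00:04:14 gopal 192.168.1.45 ssh /usr/sbin/sshd no 160
4. 12/07/2016 00:33:11 gopal 192.168.1.49 ssh /usr/sbin/sshd no 167
5. 12/07/2016 00:39:04 root 192.168.1.43 ssh /usr/sbin/sshd no 179
6. 12/07/2016 00:40:00 root 192.168.1.43 ssh /usr/sbin/sshd yes 181
EOF
}

# Demo on the constructed sample; on a live host pipe the real report:
#   aureport -l --failed | failed_by_source 3
sample_report | failed_by_source 1
```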

Successful Logins

# aureport -l --success

Login Report
============================================
# date time auid host term exe success event
============================================
1. 09/18/2016 21:03:37 -1 ? tty1 /usr/bin/login yes 43
2. 09/18/2016 21:05:37 -1 192.168.1.45 /dev/pts/0 /usr/sbin/sshd yes 62
3. 09/18/2016 21:08:26 -1 192.168.1.60 /dev/pts/1 /usr/sbin/sshd yes 94
4. 12/06/2016 23:21:59 -1 ? tty1 /usr/bin/login yes 43

Login summary report

# aureport -l --success --summary -i

Success Login Summary Report
============================
total auid
============================
14 root
7 gopal
