Scale Your Auditing Events
2018-09-29, 07:30–08:00 (UTC), Kuppel

The Linux Audit daemon (auditd) is responsible for writing audit records to disk, where you can then query them with ausearch and aureport. However, parsing and centralizing these records turns out to be harder than you would hope. Elastic's new Auditbeat fixes this: it keeps the original audit rule configuration but ships the events to a centralized location where you can easily visualize them all.
You can also use Auditbeat to detect changes to critical files, such as binaries and configuration files, and to identify potential security policy violations. This talk shows you what you can do to discover changes, events, and potential security breaches as soon as possible on interactive dashboards. Additionally, we combine auditd events with security-relevant logs.
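As an added example (not part of the talk or of the Auditbeat project's own files), here is an auditbeat.yml that shows the approach the abstract describes: existing auditd-style rules are reused unchanged, file-integrity monitoring covers binaries and configuration files, and both streams are shipped to one Elasticsearch endpoint. The host, credentials, watched paths and rule keys are assumptions chosen for illustration.

```yaml
# Added example configuration; host, credentials, paths and keys are assumed.
auditbeat.modules:
- module: auditd
  resolve_ids: true          # map uid/gid numbers to names in each event
  failure_mode: log          # keep running (and log) if the kernel drops events
  backlog_limit: 8192
  rate_limit: 0
  include_raw_message: false
  include_warnings: false
  # Same syntax as /etc/audit/rules.d, so existing rules carry over unchanged.
  audit_rules: |
    ## Identity and privilege changes
    -w /etc/passwd -p wa -k identity
    -w /etc/group -p wa -k identity
    -w /etc/sudoers -p wa -k sudoers
    -w /etc/sudoers.d/ -p wa -k sudoers
    ## Every executed command, with its cwd and arguments
    -a always,exit -F arch=b64 -S execve -k exec
    -a always,exit -F arch=b32 -S execve -k exec
    ## Kernel module loading and unloading
    -a always,exit -F arch=b64 -S init_module,finit_module,delete_module -k modules

- module: file_integrity
  paths:                     # assumed set of binary and config directories
    - /bin
    - /usr/bin
    - /sbin
    - /usr/sbin
    - /etc
  exclude_files:
    - '(?i)\.sw[nop]$'       # editor swap files
    - '~$'                   # editor backup files
  scan_at_start: true        # hash everything once so later changes show a diff
  scan_rate_per_sec: 50 MiB
  max_file_size: 100 MiB
  hash_types: [sha256]
  recursive: true

output.elasticsearch:
  hosts: ["https://elastic.example.internal:9200"]   # assumed host
  username: "auditbeat_writer"                        # assumed account
  password: "${AUDITBEAT_ES_PASSWORD}"                # from the keystore or environment
setup.dashboards.enabled: true   # load the Auditbeat dashboards into Kibana
```

Only one consumer can hold the kernel audit netlink socket, so on hosts where auditd itself is still running, Auditbeat's auditd module needs `socket_type: multicast` (kernel 3.16 or newer) or auditd must be stopped.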

Stephen Hemminger is a Linux developer who specializes in networking. He is the maintainer of the Linux bridging code and the iproute2 utilities, and has been involved with TCP/IP since the early days of UNIX. He is a member of the DPDK Technical Advisory Board. Steve has written many network drivers for Linux, including netem, vxlan, and the Marvell sky2 Ethernet driver. Many of his contributions have involved integrating so many different networking pieces that he decided to give himself the title of Network Plumber.