
Sign up to save your podcasts
Or


In episode 70 of Linux Server Admin with Fexingo, Lucas and Luna dive into Linux server audit logs for incident response. They walk through a real-world scenario: detecting an unauthorized SSH key addition on a production server using auditd rules, ausearch, and aureport. Lucas explains how to set up watches on critical files, interpret audit events, and generate a concise timeline of attacker activity. The show covers practical commands and tips for sysadmins building a forensic-ready logging setup, including avoiding common pitfalls like log noise and missing context from PID reuse. By the end, you'll know how to answer the key question: 'what happened, when, and how?'
#LinuxServerAudit #Auditd #IncidentResponse #Sysadmin #Security #Forensics #Bash #ServerHardening #Linux #TechPodcast #FexingoBusiness #BusinessPodcast #Ausearch #Aureport #SSHKeyMonitoring #LogAnalysis #ThreatDetection #Technology
Keep every episode free: buymeacoffee.com/fexingo
By FexingoIn episode 70 of Linux Server Admin with Fexingo, Lucas and Luna dive into Linux server audit logs for incident response. They walk through a real-world scenario: detecting an unauthorized SSH key addition on a production server using auditd rules, ausearch, and aureport. Lucas explains how to set up watches on critical files, interpret audit events, and generate a concise timeline of attacker activity. The show covers practical commands and tips for sysadmins building a forensic-ready logging setup, including avoiding common pitfalls like log noise and missing context from PID reuse. By the end, you'll know how to answer the key question: 'what happened, when, and how?'
#LinuxServerAudit #Auditd #IncidentResponse #Sysadmin #Security #Forensics #Bash #ServerHardening #Linux #TechPodcast #FexingoBusiness #BusinessPodcast #Ausearch #Aureport #SSHKeyMonitoring #LogAnalysis #ThreatDetection #Technology
Keep every episode free: buymeacoffee.com/fexingo