Linux Server Admin with Fexingo: Sysadmin, Bash, and Server Engineering

How to Use Linux Server Audit Logs for Incident Response


Listen Later

In episode 70 of Linux Server Admin with Fexingo, Lucas and Luna dive into Linux server audit logs for incident response. They walk through a real-world scenario: detecting an unauthorized SSH key addition on a production server using auditd rules, ausearch, and aureport. Lucas explains how to set up watches on critical files, interpret audit events, and generate a concise timeline of attacker activity. The show covers practical commands and tips for sysadmins building a forensic-ready logging setup, including avoiding common pitfalls like log noise and missing context from PID reuse. By the end, you'll know how to answer the key question: 'what happened, when, and how?'

#LinuxServerAudit #Auditd #IncidentResponse #Sysadmin #Security #Forensics #Bash #ServerHardening #Linux #TechPodcast #FexingoBusiness #BusinessPodcast #Ausearch #Aureport #SSHKeyMonitoring #LogAnalysis #ThreatDetection #Technology

Keep every episode free: buymeacoffee.com/fexingo

...more
View all episodesView all episodes
Download on the App Store

Linux Server Admin with Fexingo: Sysadmin, Bash, and Server EngineeringBy Fexingo