This is the fifth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here.
In Part 1 we reviewed a secure partitioning strategy, in Part 2 we performed a minimal install, in Part 3 we performed some mandatory housekeeping before starting the hardening process and in Part 4 we secured ssh. In this post we enable system accounting.
A Word of Caution
The actions outlined in these posts have been performed on a clean install of OEL 5.5 exactly as documented in these posts. If you are contemplating taking these actions on an existing server, please take appropriate precautions such as:
- Backing up the server
- Reviewing the content of all scripts before running them
- Testing the actions on a non-production server
The hardening steps in these posts were performed in the order posted. Performing these steps in a different order may result in unpredictable behavior. Also, all these scripts MUST be run as root, not as sudo.
Enable System Accounting
The system accounting function is enabled by the sysstat package. If you have performed a clean install of OEL as outlined in this series of posts, then this package is already installed. Otherwise, install it if it is not already present.
System accounting provides for the regular collection of performance data and enables such commands as sar and iostat to report on this data.
Regular review of performance data provides a monitoring security control because it may be used to identify suspicious activity.
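One way to make that regular review routine, shown as an added example that is not part of the original post or the CIS benchmark: a small shell function that reads `sar -u` text and reports the samples where CPU idle time fell below a threshold. The function name, the threshold of 20 and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report sar CPU samples whose %idle is below a threshold.

# Constructed sample in `sar -u` layout (not real data from any host).
sample_sar_output() {
    cat <<'EOF'
Linux 2.6.18-194.el5 (oel55.example.com)   03/14/2011

12:00:01 AM       CPU     %user     %nice   %system   %iowait    %steal     %idle
12:10:01 AM       all      0.41      0.00      0.22      0.05      0.00     99.32
02:10:01 AM       all     91.80      0.00      6.95      0.10      0.00      1.15
02:20:01 AM       all     88.12      0.00      7.40      0.33      0.00      4.15
02:30:01 AM       all      0.52      0.00      0.30      0.04      0.00     99.14
Average:          all     45.21      0.00      3.72      0.13      0.00     50.94
EOF
}

# flag_busy_intervals MIN_IDLE
# Hypothetical helper: reads `sar -u` text on stdin and prints the timestamp
# and %idle of every sample whose %idle is lower than MIN_IDLE.
flag_busy_intervals() {
    awk -v min_idle="$1" '
        # Skip the summary row, the column header, blank and short lines.
        /^Average:/ || /%idle/ || NF < 4 { next }
        {
            # The timestamp is every field before the CPU column ("all").
            # This copes with both 12-hour (HH:MM:SS AM) and 24-hour output.
            ts = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "all") break
                ts = (ts == "" ? $i : ts " " $i)
            }
            if (i > NF) next    # no "all" field: banner or other non-data row
            # %idle is the last column of a sar -u data row.
            if ($NF + 0 < min_idle + 0) print ts, "idle=" $NF
        }'
}

# Demo on the constructed sample. On a live host the input would instead be:
#   sar -u | flag_busy_intervals 20
sample_sar_output | flag_busy_intervals 20
```

A sustained run of low-idle samples at an hour when the server is normally quiet is the kind of deviation worth following up against the process and login records for the same period.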