Using an Open Source Framework to Catch the Bad Guy

Norman Mark St. Laurent

Red Hat Enterprise Linux 6 gives incident responders, forensic examiners, and system administrators easy access to lightweight, easy-to-use tools and techniques that allow them to quickly identify file system modifications, changes, and compromises. The integrity-checking tools that ship with Red Hat Enterprise Linux 6 are open source and packaged with the system.

A host-based Intrusion Detection System (IDS) provides the data integrity needed to ensure adequate protection of information and system data, and helps meet security requirements and compliance. In Red Hat Enterprise Linux 6, RPM Package Manager and Advanced Intrusion Detection Environment (AIDE) deliver continuous and automated monitoring for security compliance and for implementing the needed security controls for a true “defense-in-depth” approach, enabling built-in forensics, incident response, and security to catch the bad guy.
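The RPM side of that pairing in practice, as an added example that is not part of the session or of Red Hat's tooling: a small parser that triages `rpm -Va` output so that a changed binary stands out from an edited config file. It assumes rpm's documented `rpm -V` line layout (nine test positions, optional file-type letter, path); the sample lines are constructed.

```python
import re

# One line per file that fails verification: nine test positions
# (S size, M mode, 5 digest, D device, L symlink, U owner, G group,
# T mtime, P capabilities), '.' for pass, '?' for not testable, or the
# word "missing"; then an optional file type (c config, d doc, g ghost,
# l license, r readme) and the path.
LINE_RE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{9}|missing)\s+(?P<ftype>[cdglr])?\s*(?P<path>/\S+)$"
)

# Constructed sample output for this example, not captured from a real host.
SAMPLE_RPM_VA = """\
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/bin/sudo
S.5....T.    /usr/sbin/sshd
.......T.  d /usr/share/doc/bash-4.1.2/COPYING
missing     /usr/lib64/libcrypt.so.1
"""


def classify(flags, ftype):
    """Rank a verify line by how much it matters to an investigator."""
    if flags == "missing":
        return "high"
    if "5" in flags or "S" in flags:
        # Contents differ from the package: expected for an edited config
        # file, but a binary or library that differs deserves a close look.
        return "low" if ftype == "c" else "high"
    if any(f in flags for f in "MUGLDP"):
        # Permissions, ownership, link target, or capabilities changed.
        return "medium"
    return "info"  # mtime only, or nothing testable


def parse_rpm_verify(output):
    """Parse `rpm -Va` text into a list of findings, in the order printed."""
    findings = []
    for line in output.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:  # skip prelink warnings and other non-file chatter
            continue
        flags, ftype, path = m.group("flags", "ftype", "path")
        findings.append({
            "path": path,
            "flags": set() if flags == "missing" else {c for c in flags if c not in ".?"},
            "config": ftype == "c",
            "severity": classify(flags, ftype),
        })
    return findings


def high_severity_paths(output):
    """Paths whose contents differ from the package, or which are gone."""
    return [f["path"] for f in parse_rpm_verify(output) if f["severity"] == "high"]
```

Pipe a real run in with `rpm -Va | python3 this_script.py` after replacing the constant with `sys.stdin.read()`; AIDE's own report format differs and is not handled here.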

Attendees will leave this session with a clear understanding of the Red Hat Enterprise Linux 6 audit capabilities. They will also understand the importance of including procedures and hands-on tracking of security-relevant events and configuration, so that requirements can be met in a secure, reliable, fine-grained, and configurable way. The attendee will gain a fundamental understanding of using Red Hat Enterprise Linux 6 for post-mortem analysis, intrusion detection, and live system monitoring.

Track: Birds of a Feather
Time: Wednesday, June 12 6:00 pm - 6:50 pm
Technical Difficulty: 4.0