
Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

9709.0. "C2 audit log - redirect or protect integrity?" by MEOC02::JANKOWSKI () Mon May 05 1997 08:52

    A customer of mine would like to redirect the C2 audit to be written
    outside of the audited machine, e.g. redirected to another host, or
    to be written locally on the machine but to write-once media.
    
    Their concern is that if logs are written to a local host then
    at least in principle they could be spoofed on the host by the
    people being audited on the host (including the system administrator).
    
    I guess that some way of protecting the logs by a digital signature
    would satisfy their needs too.
    
    This is a government law enforcement agency of course.
    
    Do you have any thoughts on how this could be achieved in practice?
    
    Regards,
    
    Chris Jankowski                                                   
    Melbourne Australia
T.R      Title   User            Personal Name   Date                    Lines
9709.1           SMURF::SCOTT                    Mon May 05 1997 11:05   22
SYNOPSIS

  /usr/sbin/auditd [ options ...  ]

FLAGS
...

  -l hostname:
      Causes the audit daemon to transfer its audit data to the audit daemon
      executing on the remote host hostname.  If the remote site stops
      receiving, the local daemon will store its data locally as specified
      with the -o and -r options to auditd.
...

  -s  Toggles the network server switch.  If on, allows the audit daemon to
      accept audit data from other audit daemons whose host names are
      specified in the /etc/sec/auditd_clients file.


Further information is available in the manpage and in the security book.

larry
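
The integrity-protection idea raised in 9709.0, for audit data that stays on the audited host, sketched as an added example that is not part of the original notes and not a feature of Digital UNIX auditd. It uses a chained HMAC with one-way key evolution in place of a public-key signature; the class and function names, the initial key and the sample records are all assumptions made up for illustration.

```python
import hashlib
import hmac

ZERO = b"\x00" * 32  # chain start value

def evolve(key: bytes) -> bytes:
    """One-way key update: the next key is derivable, the previous one is not."""
    return hashlib.sha256(b"evolve" + key).digest()

def seal(key: bytes, prev_tag: bytes, message: bytes) -> bytes:
    """MAC over the previous tag and this message, so records are chained."""
    return hmac.new(key, prev_tag + message, hashlib.sha256).digest()

class SealedLog:
    """Writer on the audited host. Holds only the current key."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key   # overwritten after every record
        self.prev = ZERO
        self.records = []        # list of (message, tag)

    def append(self, message: bytes) -> None:
        tag = seal(self.key, self.prev, message)
        self.records.append((message, tag))
        self.prev = tag
        self.key = evolve(self.key)  # old key is gone; past tags cannot be redone

def verify(initial_key: bytes, records, expected_count=None) -> int:
    """Verifier off the audited host. Returns -1 if intact, else the index of
    the first bad or missing record. expected_count (e.g. a counter reported
    to the remote host) is needed to notice records cut off the end."""
    key, prev = initial_key, ZERO
    for i, (message, tag) in enumerate(records):
        if not hmac.compare_digest(seal(key, prev, message), tag):
            return i
        key, prev = evolve(key), tag
    if expected_count is not None and len(records) < expected_count:
        return len(records)
    return -1

# Constructed sample records (not the real Digital UNIX audit record format).
K0 = hashlib.sha256(b"constructed demo secret held by the verifier").digest()
log = SealedLog(K0)
for line in (b"login user=alice", b"open /etc/passwd uid=0", b"logout user=alice"):
    log.append(line)

# Someone who now controls the host (and log.key) rewrites record 1.
forged = list(log.records)
forged[1] = (b"open /tmp/x uid=0", seal(log.key, forged[0][1], b"open /tmp/x uid=0"))
print(verify(K0, log.records), verify(K0, forged))
```

The initial key has to be held away from the audited host, and records written after the host is taken over are not protected; only earlier ones are.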