[olug] C2 Auditing on RedHat?

sdeel sdeel at cox.net
Wed Aug 28 22:09:46 UTC 2002


Better plan on committing a large part of your file system (in its own partition) to collecting the audits and you will want a good audit reduction tool to help analyze your results.  Depending on your audit requirements and system usage, archiving and moving the audit data across the network to a collection/tape backup system can take a fair amount of resources.  

Also think out what you will do when/if the partition for collecting gets full.  It may not be acceptable to put subsequent audits in the bit bucket!  If C2 audits are being levied on you, you may not be allowed to have gaps in the log information collected.  If so, this would mean a stoppage until space is again available.

My experience with Solaris C2 audits was that we could not install Solaris and our infrastructure tools with all audits turned on on a minimal system - we would fill the audits partition before the installation completed. 

Sam Deel
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Everybody's got to believe in something, I believe I'll have another beer...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  ----- Original Message ----- 
  From: Rogers, John C NWD02 
  To: 'olug at olug.org' 
  Sent: Wednesday, August 28, 2002 2:35 PM
  Subject: RE: [olug] C2 Auditing on RedHat?


  The only C2 type of auditing of Linux that I know of is the security enhanced version of Linux from the NSA. 

  This version audits just about anything and every change or permission that the system can have done to it.  It is an attempt to build a C2 OS like Trusted Solaris and the others but has not been certified or tested for C2.

  Find it at http://www.nsa.gov/selinux/ 

  Hope it helps, 
  John 

  -----Original Message----- 
  From: Blaufuss, Shane [mailto:sblaufuss at fnni.com] 
  Sent: Wednesday, August 28, 2002 1:14 PM 
  To: olug at olug.org 
  Subject: [olug] C2 Auditing on RedHat? 



  Does anyone know if this is possible?  There doesn't seem to be any auditing 
  packages included with the distro.  I was hoping for something like 
  Solaris's auditd. 



  -- 
  Shane M.  Blaufuss 
  Systems Engineer 
  First Nat.'l Bank of Omaha 
  (402) 633-7288 

