Secure storage of BSM audit files?
From: Anupam (frj780jdy85533001@sneakemail.com) Date: 03/02/02
From: "Anupam" <frj780jdy85533001@sneakemail.com>
To: <focus-sun@securityfocus.com>
Date: Sat, 2 Mar 2002 11:16:19 -0500
I know I am being paranoid :-), being new to security, I guess I am
allowed this liberty.
Question to the list:
Is there any way of 'safely' storing audit files on a remote-server?
I know this question is not very well formed. Let me explain with an
example. If one uses a syslog server, the data on the syslog server becomes an
append-only file-system. This basically ensures that the only way the data
on this server can be erased is if the syslog server is compromised.
Kludgy solution:
----------------
- Pull audit files at regular intervals of time onto a more secure server,
and store the files by time-stamps. This way some sort of snap-shot is
maintained.
Refined questions:
------------------
- Is there a similar way to set up an effectively append-only file system on
a remote server?
- I hear (might be wrong) that BSD supports append-only file systems, is
there something equivalent for Solaris (maybe via NFS)?
- Is there a way of doing this via NFS?
- Is there something better than the kludgy solution - automated
time-stamped file-pulls at regular intervals of time?
Even RTFM type posts are appreciated. I will summarize this post.
Thanks,
- Anupam
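
Added example, not part of the original message: the timestamped pull from the "kludgy solution", extended to compare each file with its copy in the previous snapshot and flag anything that was truncated or rewritten rather than appended to. The function names, the archive layout, and the local `source` directory standing in for the remote copy are assumptions.

```python
import hashlib
import shutil
import time
from pathlib import Path
from typing import List, Optional


def is_append_only(old: Path, new: Path, chunk: int = 65536) -> bool:
    """True if `new` begins with the exact bytes of `old`, i.e. it only grew."""
    if new.stat().st_size < old.stat().st_size:
        return False
    with old.open("rb") as fo, new.open("rb") as fn:
        while True:
            block = fo.read(chunk)
            if not block:
                return True
            if fn.read(len(block)) != block:
                return False


def pull_snapshot(source: Path, archive: Path, stamp: Optional[str] = None) -> List[str]:
    """Copy audit files into archive/<stamp>/ and return integrity alerts.

    `source` is a local directory standing in for the remote fetch (assumption);
    run this on the secure server so the audited host never writes to the archive.
    """
    stamp = stamp or time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    earlier = sorted(p for p in archive.iterdir() if p.is_dir()) if archive.exists() else []
    dest = archive / stamp
    dest.mkdir(parents=True)  # raises if the stamp exists: snapshots are never overwritten
    alerts, manifest = [], []
    for src in sorted(p for p in source.iterdir() if p.is_file()):
        copy = dest / src.name
        shutil.copy2(src, copy)
        manifest.append(f"{hashlib.sha256(copy.read_bytes()).hexdigest()}  {src.name}")
        last = earlier[-1] / src.name if earlier else None
        if last is not None and last.exists() and not is_append_only(last, copy):
            alerts.append(f"{src.name}: truncated or rewritten since {earlier[-1].name}")
        copy.chmod(0o444)  # guards against accidents only, not against root on the archive host
    (dest / "MANIFEST.sha256").write_text("\n".join(manifest) + "\n")
    return alerts
```

Anything written to the audit file and removed again between two pulls is not visible to this check, so the pull interval bounds what can be detected.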