Re: Secure storage of BSM audit files?
From: Darren Moffat (Darren.Moffat@eng.sun.com)
Date: 03/07/02
- Maybe in reply to: Anupam: "Secure storage of BSM audit files?"
Date: Thu, 7 Mar 2002 11:36:52 -0800 (PST)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
To: frj780jdy85533001@sneakemail.com

>Kludgy solution:
>----------------
>- Pull audit files at regular intervals of time onto a more secure server,
>and store the files by time-stamps. This way some sort of snap-shot is
>maintained.
The file names already contain a timestamp and hostname.
e.g.:
20011113175328.20011113180928.borg
>Refined questions:
>------------------
>- Is there a similar way to set up an effectively append-only file system on
>a remote server?
nope.
>- I hear (might be wrong) that BSD supports append-only file systems, is
>there something equivalent for Solaris (maybe via NFS)?
not on Solaris.
>- Is there a way of doing this via NFS?
Yes, just store the audit files on an NFS filesystem in the first place,
the way files are named ensures they are unique.
I would recommend that you use at least AUTH_DH protection or better
yet use Kerberos (with encryption) for the security protection on the
NFS mounts. See the mount_nfs and share_nfs man pages for details.
-- Darren J Moffat
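
An added example, not part of the original message and not Solaris code: a Python collector for the pull-to-a-secure-server approach discussed in the thread, using the start.end.hostname file names to keep the archive create-only. The function names and directory arguments are assumptions; names that do not carry two 14-digit timestamps are skipped.

```python
import hashlib
import re
import shutil
from datetime import datetime
from pathlib import Path

# Closed audit file: start.end.hostname, timestamps as YYYYMMDDhhmmss
# (the format of the file name quoted in the message).
NAME_RE = re.compile(r"^(\d{14})\.(\d{14})\.(.+)$")

def parse_name(name):
    """Return (start, end, host), or None if name is not a closed audit file."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        start, end = (datetime.strptime(t, "%Y%m%d%H%M%S") for t in m.group(1, 2))
    except ValueError:
        return None
    return (start, end, m.group(3)) if start <= end else None

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def pull(src_dir, archive_dir):
    """Copy closed audit files into the archive, never overwriting.

    Returns (copied, conflicts). A conflict is a name already archived whose
    source content now differs, i.e. the file changed after it was collected.
    """
    copied, conflicts = [], []
    for src in sorted(Path(src_dir).iterdir()):
        if not src.is_file() or parse_name(src.name) is None:
            continue  # not a closed audit file (assumption: leave it alone)
        dst = Path(archive_dir) / src.name
        if dst.exists():
            if digest(dst) != digest(src):
                conflicts.append(src.name)
            continue
        # Mode "x" fails if the name already exists: create-only semantics.
        with open(src, "rb") as inp, open(dst, "xb") as out:
            shutil.copyfileobj(inp, out)
        dst.chmod(0o440)  # archived copy is read-only
        copied.append(src.name)
    return copied, conflicts
```

Run on the archive host, a non-empty conflicts list means a source file was modified after its first collection, while the archived copy keeps the original content.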