whats in your /etc/security/ files ? (AUDIT subsystem)

Mike Tancsa mike at sentex.net
Wed Dec 23 19:27:34 UTC 2009


I am looking at getting more out of the FreeBSD AUDIT system and was 
wondering if anyone has feedback beyond what is in the handbook or 
links to other resources on this topic.

http://bsdmag.org/ had a nice intro article and 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html 
is actually pretty complete.  But I was looking for additional 
feedback from folks using it on their servers in production.

What do you find useful to log on large multi user systems ?  What 
about boxes with limited access to just administrators ? Log everything?

How do you manage your audit logs to ensure integrity ?  Do you run 
at a higher secure level and make the file flags uappnd ? Write them 
to an nfs mount on a separate and separately secured system ?

         ---Mike

--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike



More information about the freebsd-questions mailing list