whats in your /etc/security/ files ? (AUDIT subsystem)
Fbsd1
fbsd1 at a1poweruser.com
Thu Dec 24 02:39:48 UTC 2009
Mike Tancsa wrote:
> I am looking at getting more out of the FreeBSD AUDIT system and was
> wondering if anyone has feedback beyond what is in the handbook or links
> to other resources on this topic.
>
> http://bsdmag.org/ had a nice intro article and
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html is
> actually pretty complete. But I was looking for additional feedback
> from folks using it on their servers in production.
>
> What do you find useful to log on large multi user systems ? What about
> boxes with limited access to just administrators ? Log everything?
>
> How do you manage your audit logs to ensure integrity ? Do you run at a
> higher secure level and make the file flags uappnd ? Write them to an
> nfs mount on a separate and separately secured system ?
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike at sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
My experience is it's “OVERKILL”. Better to invest your time in tuning
your firewall rules.