Date: Wed, 23 Dec 2009 14:27:25 -0500 From: Mike Tancsa <mike@sentex.net> To: freebsd-questions@freebsd.org Subject: whats in your /etc/security/ files ? (AUDIT subsystem) Message-ID: <200912231927.nBNJRWdF067714@lava.sentex.ca>
next in thread | raw e-mail | index | archive | help
I am looking at getting more out of the FreeBSD AUDIT system and was wondering if anyone has feedback beyond what is in the handbook or links to other resources on this topic. http://bsdmag.org/ had a nice intro article and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html is actually pretty complete. But I was looking for additional feedback from folks using it on their servers in production. What do you find useful to log on large multi user systems ? What about boxes with limited access to just administrators ? Log everything? How do you manage your audit logs to ensure integrity ? Do you run at a higher secure level and make the file flags uappnd ? Write them to an nfs mount on a separate and separately secured system ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912231927.nBNJRWdF067714>