From: Fbsd1
Date: Thu, 24 Dec 2009 10:39:40 +0800
To: Mike Tancsa
Cc: freebsd-questions@freebsd.org
Subject: Re: whats in your /etc/security/ files ? (AUDIT subsystem)

Mike Tancsa wrote:
> I am looking at getting more out of the FreeBSD AUDIT system and was
> wondering if anyone has feedback beyond what is in the handbook or links
> to other resources on this topic.
>
> http://bsdmag.org/ had a nice intro article and
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html is
> actually pretty complete. But I was looking for additional feedback
> from folks using it on their servers in production.
>
> What do you find useful to log on large multi user systems ? What about
> boxes with limited access to just administrators ? Log everything?
>
> How do you manage your audit logs to ensure integrity ? Do you run at a
> higher secure level and make the file flags uappnd ? Write them to an
> nfs mount on a separate and separately secured system ?
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike

My experience is it's “OVERKILL”. Better to invest your time in tuning your firewall rules.