Date: Thu, 24 Dec 2009 10:39:40 +0800
From: Fbsd1 <fbsd1@a1poweruser.com>
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: whats in your /etc/security/ files ? (AUDIT subsystem)
Message-ID: <4B32D46C.4040205@a1poweruser.com>
In-Reply-To: <200912231927.nBNJRWdF067714@lava.sentex.ca>
References: <200912231927.nBNJRWdF067714@lava.sentex.ca>

Mike Tancsa wrote:
> I am looking at getting more out of the FreeBSD AUDIT system and was
> wondering if anyone has feedback beyond what is in the handbook or links
> to other resources on this topic.
>
> http://bsdmag.org/ had a nice intro article and
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html is
> actually pretty complete. But I was looking for additional feedback
> from folks using it on their servers in production.
>
> What do you find useful to log on large multi user systems? What about
> boxes with limited access to just administrators? Log everything?
>
> How do you manage your audit logs to ensure integrity? Do you run at a
> higher secure level and make the file flags uappnd? Write them to an
> nfs mount on a separate and separately secured system?
>
> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
>

My experience is it's “OVERKILL”. Better to invest your time in tuning your firewall rules.