
List:       focus-sun
Subject:    Re: Secure storage of BSM audit files?
From:       Darren Moffat <Darren.Moffat () eng ! sun ! com>
Date:       2002-03-07 19:36:52

>Kludgy solution:
>----------------
>- Pull audit files at regular intervals of time onto a more secure server,
>and store the files by time-stamps. This way some sort of snap-shot is
>maintained.

The file names already contain a timestamp and hostname.

e.g.:

	20011113175328.20011113180928.borg
	
>Refined questions:
>------------------
>- Is there a similar way to set-up an effectively append-only file system on
>a remote server?

nope.

>- I hear (might be wrong) that BSD supports append-only file systems, is
>there something equivalent for Solaris (maybe via NFS)?

not on Solaris.

>- Is there a way of doing this via NFS?

Yes, just store the audit files on an NFS filesystem in the first place,
the way files are named ensures they are unique.

I would recommend that you use at least AUTH_DH protection or better
yet use Kerberos (with encryption) for the security protection on the
NFS mounts.  See the mount_nfs and share_nfs man pages for details.

--
Darren J Moffat
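
An added example, not part of the original message: a Python check that a collecting server could run over the audit file names it holds, using the start.end.hostname naming shown above to report time ranges that no file covers for a host. The `not_terminated` end marker for a still-open file and the function names are assumptions not taken from the message.

```python
import re
from collections import defaultdict
from datetime import datetime

# start.end.hostname; end is "not_terminated" while the file is still open
# (assumption: that marker does not appear in the message above).
NAME_RE = re.compile(r"^(\d{14})\.(\d{14}|not_terminated)\.([A-Za-z0-9._-]+)$")
FMT = "%Y%m%d%H%M%S"


def parse_name(name):
    """Return (host, start, end); end is None for a still-open file."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not an audit file name: {name!r}")
    start = datetime.strptime(m.group(1), FMT)
    end = None if m.group(2) == "not_terminated" else datetime.strptime(m.group(2), FMT)
    if end is not None and end < start:
        raise ValueError(f"end precedes start: {name!r}")
    return m.group(3), start, end


def find_gaps(names):
    """Map host -> list of (gap_start, gap_end) intervals no file covers."""
    by_host = defaultdict(list)
    for name in names:
        host, start, end = parse_name(name)
        by_host[host].append((start, end))
    gaps = {}
    for host, spans in by_host.items():
        spans.sort(key=lambda s: s[0])
        host_gaps, covered_to = [], spans[0][1]
        for start, end in spans[1:]:
            if covered_to is None:
                break  # an open file covers everything after its start
            if start > covered_to:
                host_gaps.append((covered_to, start))
            covered_to = None if end is None else max(covered_to, end)
        gaps[host] = host_gaps
    return gaps


# Constructed sample: the first name is from the message, the rest are made up.
SAMPLE = [
    "20011113175328.20011113180928.borg",
    "20011113180928.20011113190000.borg",
    "20011113193000.not_terminated.borg",
]
```

Calling `find_gaps(SAMPLE)` reports the half hour between 19:00:00 and 19:30:00 on `borg` as uncovered, which is the kind of hole a deleted or never-delivered file would leave.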
