What's in your /etc/security/ files? (AUDIT subsystem)

2009-12-23 Thread Mike Tancsa
I am looking at getting more out of the FreeBSD AUDIT system and was 
wondering if anyone has feedback beyond what is in the handbook or 
links to other resources on this topic.


http://bsdmag.org/ had a nice intro article and 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html 
is actually pretty complete.  But I was looking for additional 
feedback from folks using it on their servers in production.


What do you find useful to log on large multi-user systems?  What 
about boxes with limited access to just administrators? Log everything?


How do you manage your audit logs to ensure integrity?  Do you run 
at a higher secure level and make the file flags uappnd? Write them 
to an NFS mount on a separate and separately secured system?


---Mike


Mike Tancsa,  tel +1 519 651 3400
Sentex Communications,  m...@sentex.net
Providing Internet since 1994  www.sentex.net
Cambridge, Ontario Canada  www.sentex.net/mike

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: What's in your /etc/security/ files? (AUDIT subsystem)

2009-12-23 Thread Fbsd1

Mike Tancsa wrote:
> I am looking at getting more out of the FreeBSD AUDIT system and was 
> wondering if anyone has feedback beyond what is in the handbook or links 
> to other resources on this topic.
>
> http://bsdmag.org/ had a nice intro article and 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html is 
> actually pretty complete.  But I was looking for additional feedback 
> from folks using it on their servers in production.
>
> What do you find useful to log on large multi-user systems?  What about 
> boxes with limited access to just administrators? Log everything?
>
> How do you manage your audit logs to ensure integrity?  Do you run at a 
> higher secure level and make the file flags uappnd? Write them to an 
> NFS mount on a separate and separately secured system?
>
> ---Mike
>
> Mike Tancsa,  tel +1 519 651 3400
> Sentex Communications,  m...@sentex.net
> Providing Internet since 1994  www.sentex.net
> Cambridge, Ontario Canada  www.sentex.net/mike


My experience is it's “OVERKILL”. Better to invest your time in tuning 
your firewall rules.


