<x-flowed>At 11:27 AM 1/31/01 -0800, "Scott C. Best" <[EMAIL PROTECTED]> wrote:
>Matthew:
>
>         Heya. My interpretation of:
>
>|LO1 - Required Log Events - The Candidate Firewall Product shall
>|have the capability to log events belonging to the event types
>|described below...
>
>         ...is with emphasis on "capability to log". IE, not actual
>logging all the time for everything. Eeesh.
>
>         Hee. It is telling that the "Traffic Permitted Inbound"
>of the 3.0a Criteria doesn't include SSH. ;)
>
>-Scott
>
>
>On Wed, 31 Jan 2001, Matt Schalit wrote:
>
> >
> > Folks,
> >
> > Mike Noyes wrote:
> > >
> >
> > > Firewall Product Certification Criteria Version 3.0a
> > > http://www.icsalabs.com/html/communities/firewalls/ \
> > > certification/criteria/criteria_3.0a.shtml
> > >
> >
> >
> > Taking a look at this, it referred to logging all acceptable and
> > unacceptable access.  That'd fill our logs in a heartbeat, then
> > syslog would stop logging.
> >
> > Do you concur?

Matthew,
I agree with Scott's interpretation. We may even be able to comply with L05 
by including a perl script that performs pull logging through sshd. It 
would require a log server on the LAN with perl and ssh installed though. I 
saw an article in Linux Journal with example scripts. If anyone is 
interested I'll hunt for it, and ask the author if we can use his scripts.

--
Mike Noyes <[EMAIL PROTECTED]>
http://leaf.sourceforge.net/


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
</x-flowed>
