On Tue, Mar 25, 2003 at 03:13:30PM -0500, Paul Greene wrote:
> Is there a function within Linux, without having to resort to a
> third party app, that can get the level of security auditing down to
> a very granular level, equivalent to the BSM auditing in Solaris?

Forgive both my ignorance and pedanticism, but I think I also have a
suggestion that will be useful.

Ignorance: I don't know what BSM is, but given your description I will
make a guess.

Pedantic: No, there is no such function in Linux, but Linux, per se,
is just the kernel, and the kernel doesn't even include a shell.
However, the Red Hat distribution of Linux, in addition to a kernel,
does include a shell, and lots of other useful stuff.

Suggestion: Tripwire (included in Red Hat) might be useful.  It does
cryptographic checksums of anything you tell it to check, and then on
a cron task will let you know if any of them change.

Downside: There is a commercial version of Tripwire that I haven't
played with, and the free version, as Red Hat ships it, isn't very
usable out of the box; the default policy file complains far too much.
You also still need to figure out your procedures for how to manage OS
updates and matched updated Tripwire checking to not accidentally let
something nasty slip in.

Finally: To be really paranoid you want to do all your Tripwire
checking offline, booting from a read-only medium such as a CD with a
copy of the Knoppix Linux on it.  That way you don't need to trust the
very system you are trying to check.  Except Knoppix Linux doesn't
include Tripwire--not all Linux distributions are the same.  (See
"Pedantic" above.)  

I have been slowly working out these issues in my spare time, such as
remastering Knoppix to include Tripwire, but am not finished.


-kb



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
