On Thursday 05 October 2006 17:23, Joy Latten wrote:
> I am auditing when an ipsec policy is added and removed from the
> Security Policy Database. Should I also add audit when an SA is
> added and removed?

What we need to capture is the changes to configuration that affect the access decisions. Klaus may be a better person to judge SP vs SA.

> I looked at how Paul implemented netlabel auditing, but
> was wondering is there any specific info I should audit for
> labeled ipsec?

We need auid and subj of the process that loads the "rules". Is there any security relevant data in the rules that you want to log to help get a better idea of what is being inserted/deleted?

Thanks,
-Steve

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
