While rsyslog is an option, we use filebeat with SSL/TLS. Many ways to manage as you say. Testing and validation methods need to support tailoring.
=Fen On Tue, Jun 6, 2017 at 10:01 PM, Trevor Vaughan <[email protected]> wrote: > So, I was digging through and found the following: > > RHEL-07-030300 > > The operating system must off-load audit records onto a different system > or media from the system being audited. > > and > > RHEL-07-030310 > > The operating system must encrypt the transfer of audit records off-loaded > onto a different system or media from the system being audited. > > This poses a real problem since there are pretty much limitless methods to > meet this requirement and, given that actual proof is multi-node, this is > going to be *really* difficult to evaluate properly. > > As much as I like auditd, I don't care for the thought of the network > blocking all of my operations, so I've opted to pass it along to syslog. My > syslog is then TLS encrypted to the various shipping points. This obviously > meets the requirement, and I can automatically test that configuration in > my code but I feel like this is yet another place where we're going to have > difficulty with the SSG. > > I also noticed that this one hasn't been implemented in the SSG and I'm > guessing that this is why. > > What are the plans for things like this moving forward? > > Thanks, > > Trevor > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 <(410)%20541-6699> > > -- This account not approved for unencrypted proprietary information -- > > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
