>>  I don't care for the thought of the network blocking all of my operations

Operations shouldn’t block.  I suggest an IGMP + loopback data pump.

From: Trevor Vaughan [mailto:[email protected]]
Sent: Tuesday, June 6, 2017 10:02 PM
To: SCAP Security Guide <[email protected]>
Subject: Audit Offloading in the EL7 STIG

So, I was digging through and found the following:

RHEL-07-030300

The operating system must off-load audit records onto a different system or 
media from the system being audited.

and

RHEL-07-030310

The operating system must encrypt the transfer of audit records off-loaded onto 
a different system or media from the system being audited.

This poses a real problem since there are pretty much limitless methods to meet 
this requirement and, given that actual proof is multi-node, this is going to 
be *really* difficult to evaluate properly.

As much as I like auditd, I don't care for the thought of the network blocking 
all of my operations, so I've opted to pass it along to syslog. My syslog is 
then TLS encrypted to the various shipping points. This obviously meets the 
requirement, and I can automatically test that configuration in my code but I 
feel like this is yet another place where we're going to have difficulty with 
the SSG.

I also noticed that this one hasn't been implemented in the SSG and I'm 
guessing that this is why.

What are the plans for things like this moving forward?

Thanks,

Trevor

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

_______________________________________________
scap-security-guide mailing list -- [email protected]
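One way to automate the check Trevor describes in his message (auditd handing records to syslog, and syslog forwarding them over TLS), as an added Python example that is not from this thread or from the SSG project. The on-disk paths, the sample config contents and the host name are assumptions constructed for the example; it covers both the legacy rsyslog directive style and single-line RainerScript omfwd actions.

```python
import re

# Constructed sample of the audispd syslog plugin config (assumed EL7 path:
# /etc/audisp/plugins.d/syslog.conf); 'active = yes' + 'direction = out' is the
# pair that makes auditd hand every record to syslog.
AUDISP_SYSLOG_CONF = """\
active = yes
direction = out
type = builtin
"""

# Constructed sample of rsyslog forwarding rules in the legacy directive style
# (assumed path /etc/rsyslog.d/remote.conf); the collector host name is made up.
RSYSLOG_TLS_CONF = """\
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/ca.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
*.* @@logs.example.internal:6514
"""

def _strip(line):
    """Drop '#' comments and surrounding whitespace (both formats use '#')."""
    return line.split("#", 1)[0].strip()

def audisp_dispatches_to_syslog(conf_text):
    """True when the audispd syslog plugin is active and sends records out."""
    kv = dict(tuple(s.strip() for s in l.split("=", 1))
              for l in map(_strip, conf_text.splitlines()) if "=" in l)
    return kv.get("active") == "yes" and kv.get("direction") == "out"

def rsyslog_forwards_over_tls(conf_text):
    """True only if there is at least one remote forward and every one is TLS:
    legacy '*.* @@host' rules need a gtls driver and StreamDriverMode 1 set
    earlier; one-line omfwd actions need StreamDriver="gtls" and Mode "1".
    UDP forwards ('@host') can never be TLS and so always fail."""
    driver_gtls = mode_tls = False
    forwards = []
    for line in map(_strip, conf_text.splitlines()):
        m = re.match(r"\$(\w+)\s+(\S+)", line)
        if m:  # legacy '$Directive value' line: track the TLS-relevant ones
            key, val = m.groups()
            if key in ("DefaultNetstreamDriver", "ActionSendStreamDriver"):
                driver_gtls = val == "gtls"
            elif key == "ActionSendStreamDriverMode":
                mode_tls = val == "1"
            continue
        fwd = re.search(r"\s(@@?)\S+", line)
        if fwd:  # legacy forward: '@@' is TCP (TLS-capable), '@' is UDP
            forwards.append(fwd.group(1) == "@@" and driver_gtls and mode_tls)
        elif 'type="omfwd"' in line:  # RainerScript forward on a single line
            forwards.append('StreamDriver="gtls"' in line
                            and 'StreamDriverMode="1"' in line)
    return bool(forwards) and all(forwards)
```

Together the two functions answer RHEL-07-030300 (records leave the host) and RHEL-07-030310 (the transfer is encrypted) for this particular offload design; a result of True for both is what an automated evaluator would need to see.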