I agree wholeheartedly, which is why I found this to be a snag. Rsyslog requires no additional infrastructure while auditd (direct) requires a working Kerberos infrastructure.
The former is (sort of) easy to test, the latter is easy to test in theory but there are a LOT of assumptions hanging around there. Interesting to hear about the split, I'm definitely falling on the rsyslog camp.

Thanks,

Trevor

On Tue, Jun 6, 2017 at 11:23 PM, Shawn Wells <[email protected]> wrote:

>
> On 6/6/17 11:05 PM, Fen Labalme wrote:
> > While rsyslog is an option, we use filebeat with SSL/TLS. Many ways to
> > manage as you say. Testing and validation methods need to support
> > tailoring.
>
> IMHO it's scope creep to support every possible 3rd party solution.
> OS-level config checks should be scoped to evaluated native OS-level
> capabilities.
>
> With that said, for things that are configured through 3rd party means,
> how have you been getting by? Addendum to certification test plans?
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.
> fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@
> lists.fedorahosted.org
>

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
