Not directly answering your question but sharing some knowledge ... Similarly our IPA system falls under certain audit conditions, specifically with regard to user addition/deletion and what group memberships have been amended over some period of time (we base our sudo rules on group memberships). I found all these things are logged by the API to Apache's error log directive so it was quite straightforward to see those logs sent over the network to a central log server. Both the web interface and "ipa" commands use the API.
It's not perfect, for example when a user is deleted there is no log as to which groups they were removed from as part of that deletion process - so far though that hasn't been identified as an issue by auditors!

Regards
Angus

________________________________
From: Shumel Rahman via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: Monday, 18 November 2019, 20:18
To: freeipa-users@lists.fedorahosted.org
Cc: Shumel Rahman
Subject: [Freeipa-users] SOC documentation

Hi

I would like to know if you have any T&C's and other such documentation that would satisfy a SOC Audit? I understand that FreeIPA is Open Source but perhaps there is some relevant documentation on this topic.

FreeIPA is used by our organisation for access to a key application and as such falls into scope of our audit.

Do let me know if any clarification of the above is required. Or indeed any questions or feedback.

I look forward to hearing from you.

Regards
Shumel

Shumel Rahman
Application Manager for Tech
+46 760009846
iZettle – Tools to build your business
izettle.com
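An added example, not part of the thread or of FreeIPA: a sketch of how the forwarded Apache error log could be reduced to the audited changes (user add/delete, group membership), with a user deletion treated as removal from every group because no per-group removal is logged. The log line shape is an assumption, and the sample lines, realm, users and group names are constructed.

```python
import re

# Assumed shape of an IPA API entry in Apache's error log:
# [time] [module:level] [pid N] [remote ip:port] ipa: INFO: [context] principal: cmd/N(args): RESULT
ENTRY = re.compile(r"^\[(?P<time>[^\]]+)\].*?ipa: INFO: \[[^\]]+\] "
                   r"(?P<principal>\S+): (?P<cmd>\w+)/\d+\((?P<args>.*)\): (?P<result>\w+)\s*$")
AUDITED = {"user_add", "user_del", "group_add_member", "group_remove_member"}

# Constructed sample lines (realm, hosts, users and groups are made up).
SAMPLE_LOG = """\
[Mon Nov 18 20:01:11.100001 2019] [wsgi:error] [pid 2101] [remote 192.0.2.10:51234] ipa: INFO: [jsonserver_session] admin@EXAMPLE.TEST: user_add/1('jdoe', givenname='Jane', sn='Doe', version='2.233'): SUCCESS
[Mon Nov 18 20:02:40.200002 2019] [wsgi:error] [pid 2101] [remote 192.0.2.10:51240] ipa: INFO: [jsonserver_session] admin@EXAMPLE.TEST: group_add_member/1('sudo-dba', user=('jdoe',), version='2.233'): SUCCESS
[Mon Nov 18 20:03:05.300003 2019] [wsgi:error] [pid 2102] [remote 192.0.2.11:40022] ipa: INFO: [jsonserver_session] helpdesk@EXAMPLE.TEST: user_show/1('jdoe', version='2.233'): SUCCESS
[Mon Nov 18 20:04:05.400004 2019] [ssl:warn] [pid 2100] AH01909: ipa.example.test:443:0 server certificate does NOT include an ID which matches the server name
[Mon Nov 18 20:09:59.500005 2019] [wsgi:error] [pid 2103] [remote 192.0.2.10:51302] ipa: INFO: [jsonserver_session] admin@EXAMPLE.TEST: user_del/1(['jdoe'], version='2.233'): SUCCESS
"""

def audit_events(lines):
    """Return successful user/group changes as dicts, in log order."""
    matches = (ENTRY.match(line) for line in lines)
    return [m.groupdict() for m in matches
            if m and m["cmd"] in AUDITED and m["result"] == "SUCCESS"]

def quoted(text):
    return re.findall(r"'([^']+)'", text)

def replay_memberships(events):
    """Rebuild {group: set(users)} from the logged changes."""
    groups = {}
    for ev in events:
        cmd, args = ev["cmd"], ev["args"]
        if cmd in ("group_add_member", "group_remove_member"):
            members = groups.setdefault(quoted(args)[0], set())
            users = re.search(r"user=\(([^)]*)\)", args)
            changed = set(quoted(users.group(1))) if users else set()
            if cmd == "group_add_member":
                members |= changed
            else:
                members -= changed
        elif cmd == "user_del":
            # No per-group removal is logged for a deletion, so apply it here.
            first = re.match(r"\[[^\]]*\]|'[^']*'", args)
            deleted = set(quoted(first.group(0))) if first else set()
            for members in groups.values():
                members -= deleted
    return groups

if __name__ == "__main__":
    print(replay_memberships(audit_events(SAMPLE_LOG.splitlines())))
```

Read-only calls such as `user_show` and non-IPA Apache lines are skipped, so only the changes an auditor asks about remain.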