In article <[EMAIL PROTECTED]>,
Adam Shostack <[EMAIL PROTECTED]> wrote:
>On Thu, Jun 03, 1999 at 01:07:58PM +0000, Peter da Silva wrote:
>| C2 is about the lowest TCSEC rating that's worth actually paying attention
>| to. Apart from the auditing requirements, a plain vanilla Linux box could
>| meet C2 if it were evaluated, and if you turn on enough NT audit logs to be
>| worth anything you've just added another layer of instability to the system,
>| because NT falls over when they fill up.
>Incidentally, thats a C2 *requirement*, that a system halt when its
>audit logs are full. Otherwise, you fill up the logs with junk,
>attack, and theres no place to write that the system is being
>attacked.
Oh, I know that. But if you do your job properly the logs are on another
computer altogether. Unfortunately I don't know any way to feed the NT audit
logs to syslog.
--
In hoc signo hack, Peter da Silva <[EMAIL PROTECTED]>
`-_-' Ar rug t� barr�g ar do mhact�re inniu?
'U` "Be vewy vewy quiet...I'm hunting Jedi." -- Darth Fudd
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
