On 02/13/2012 09:14 AM, Marco Pizzoli wrote:
Hi guys,
I'm interested to know what is the expected feature that I have to
expect from the Audit part of IPA.
I had a look at this: http://www.freeipa.org/page/Audit_Design_Overview
I see that are mentioned watchers on directories for alerting on file
alterations.
What is the final high-level purpose? I suppose not only anti tampering...
The audit portion of IPA has been put on hold while we focus on on the
core identity and policy components.
A significant part of the audit component was collecting log information
from all services on a host and aggregating them on a central server for
analysis and archiving. The directory watching you saw on the
aforementioned page is exactly for the purposes of watching log file
manipulation.
There has been a *lot* of recent discussion on how to perform logging
in the larger community as well as capturing auditable system events. As
yet there hasn't been a consensus. Until such time as a consensus forms
around the methods, tools, and libraries in this domain we won't proceed
further with the A part of IPA. However, we are actively participating
in these discussions.
--
John Dennis <[email protected]>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
