On Thursday, May 26, 2011 10:07:57 AM Mr Dash Four wrote: > > For ultimate protection, we suggest remote logging to a box that has > > restricted access. > > That is certainly a possibility (but then again the box needs to be > "secure"), though since I am not very familiar with the audit daemon > I'll just ask - is the connection between the 2 daemons (on the secure > box as well as the daemon sending the logs) encrypted so to prevent > tampering in-route (man in the middle etc attacks)?
Sort of. We have kerberos support, but its not enabled at the moment. The reason being is that the kerberos libraries were in /usr/lib64 which is a big problem if the audit system started before the nfs components (and it does). I think the kerberos libraries might have been moved so we could potentially turn that on sometime soon - but I have not been updating or testing the code. If you build your own packages, you can turn it on now. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
