topic Secure remote auditing/logging in Operating System - HP-UX

Secure remote auditing/logging

Asdrubal Pichardo — Wed, 05 Jul 2000 06:32:09 GMT

Hello,
Which would be the best way/procedure to remotely audit (in a secure way) a Trusted system on HP-UX 11? I'm aware one may remotely run SAM, and thus remotely audit a computer. However, this kind of connection would not be secured (not encrypted). Maybe the use of ssh (secure shell) would be an alternative. Another question in the same direction: is it possible with a Trusted system to have encrypted remote logging? The syslogd daemon can be configured to store logs in a remote machine (loghost), but it uses a plain udp connection, which is also not secure enough. Any comments would be greatly appreciated! Thanks,
Asdrubal

Re: Secure remote auditing/logging

Kofi ARTHIABAH — Wed, 05 Jul 2000 17:07:31 GMT

I would suggest the following:

- run SAM from an ssh logged-in terminal; if you need the X gui version, you would have to enable X-tunneling in your sshd (and ssh client) for it to work.

-I would suggest that you write yourself a little utility that monitors the a syslog file and sftp's it to your target server. (or your target server could pool the server with sftp).

Good luck.

Re: Secure remote auditing/logging

Antoanetta Naghiu — Wed, 05 Jul 2000 17:43:05 GMT

Hello,
I have a HP-UX 11.0 trusted system and I run audit remotely using ssh. Telnet, rlogin, ftp and so on are disable. Audit is turn on and monitor from a remote system that has ssh installed as well. If you do not want to use sam, you can use audit commands from command line (see man for audsys, audisp, setevent and so on).
Yes, you can have secured remote login via ssh (ssh ?l username remotemachine). You need to have ssh installed and configured on both machine. If you allowed root to login just from the console, after a regular user get in via ssh, he/she can su to root.
Hope that helps.