HPE Community
Operating System - HP-UX
1849122 Members
7414 Online
104041 Solutions
New Discussion

Re: Audit file

 
SOLVED
Go to solution
JFA
New Member

‎06-01-2007 01:08 AM

‎06-01-2007 01:08 AM

Audit file

We currently have some audit files enabled.
Two question regarding this:
- Is the binary audit file protected from tampering by having a kind of self integrity check ? (Other than a protection relying on ACLs only) Indeed, changing a single character prevents file opening. This is fine; but can w2e rely on this algorithm and consider it safe ?
- Are the audit files readable still readable by a new version of HP UX ? I.e can I read a HP-UXv10 audit file on an HP-UX v11 server ?

Thanks for your insights....
0 Kudos
Reply
3 REPLIES 3
Steven E. Protter
Exalted Contributor

‎06-01-2007 02:17 AM

‎06-01-2007 02:17 AM

Re: Audit file

Shalom,

binary audit file from trusted system?

No such thing as an audit file that is immune from tampering. Its difficult but not beyond the ability of a hacker.

I don't know the answer to your last question but should not trusted system as an option has been dropped from HP-UX 11.31.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
JFA
New Member

‎06-01-2007 06:14 AM

‎06-01-2007 06:14 AM

Re: Audit file

Shalom,

Thanks for your insights !
Any idea what HP plans for the future of audit ? They will not support anymore trusted system functionnalities including audit as we know it today.
Anyone from HP here, can you tell us whether anything comparable will be available ?
0 Kudos
Reply
ratan nalumasu
Occasional Advisor

‎06-01-2007 08:15 AM

‎06-01-2007 08:15 AM

Solution

Re: Audit file

Hi

Q: Are audit files still readable by a new version of HP-UX?
A: To a limited extent. More specifically, audit trails can be generally moved to one release higher. Note that moving the audit trails from one machine to another would inevitably result in some incorrect information (e.g., audit id->login name mappings or terminal names may be wrong unless the configurations are identical).

Q: Any idea what HP plans for the future of audit? They will not support anymore trusted system functionnalities including audit as we know it today.
A: Trusted mode will not be supported, but pretty much all of the trusted mode functionalities would be available in "standard mode"; i.e., auditing itself would not go away. Except for one or two not-so-interesting features of trusted mode (e.g., terminal device assignment), the rest are already available in 11.31LR and 11.23 with Standard Mode Extensions product. You can get the 11.23 product from http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.