HPE Community
Operating System - HP-UX
1838107 Members
3829 Online
110124 Solutions
New Discussion

Auditing without TCB

 
Scott Stewart
Occasional Contributor

‎07-08-2004 08:02 AM

‎07-08-2004 08:02 AM

Auditing without TCB

We are evaluating a product which centralizes audit logs from our various platforms (UX, AIX, Solaris, Linux). Can system auditing be activated on UX without activating TCB? We use NIS pretty heavily and can't make the conversion to NIS+ or something else at the moment.

Thanks!
Scott
0 Kudos
Reply
4 REPLIES 4
Michael Tully
Honored Contributor

‎07-08-2004 08:06 AM

‎07-08-2004 08:06 AM

Re: Auditing without TCB

There is a product called e-Trust from CA, that does some of this type of thing. something to think about. I'm sure there will be more answers to this.
Anyone for a Mutiny ?
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎07-08-2004 08:33 AM

‎07-08-2004 08:33 AM

Re: Auditing without TCB

Yes - you can.

Check out Unix Control:

http://www.tfstech.com/index.htm

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎07-08-2004 08:46 AM

‎07-08-2004 08:46 AM

Re: Auditing without TCB

Hi Scott,

Interestingly SAM doesn't allow you to configure auditing without converting the system to trusted but you can turn on|off auditing using audsys command. Atleast on 11i. Very recently, I tried it and I was suprized to see it worked. I didn't go further on it but I believe it should give you what you need but I am not sure on it's supportability.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Darren Prior
Honored Contributor

‎07-08-2004 09:55 PM

‎07-08-2004 09:55 PM

Re: Auditing without TCB

Hi Scott,

There was a thread on using auditing on a non-trusted system fairly recently so it's worth having a quick search of the forums.

This thread mentioned that someone did get auditing working on a non-trusted system... However, it's not supported by HP in this configuration. One of the problems is that the audit ids are stored within the /tcb area, without the audit id auditing becomes less useful!

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.