Shalom Debbie,
I think you may be missing the point of SOX. What you've asked for is impossible, making Pete's answer the 10 point response.
SOX wants an audit trail so that if something bad happens that effects the company it can be traced.
You must have wtmp and btmp files for example.
You must keep logs that are relavent.
Some people think you need shadow passwords but thats not true we passed SOX audits without.
Some people think NIS doesn't comply.
I think the audit trail of a trusted system with audit logs being archived exceeds SOX requirements.
Another thing to watch for. SOX audits often are done with the idea of selling consulting services to help "fix" the problem. Its unethical but I've heard second reports of it happening.
There is nothing wrong with failing a SOX audit so long as you correct the problems in a reasonable period of time. But if you bring in someone to help you prepare for a SOX audit then its buyer beware, they may not have your best interests at heart.
In case anyone asks, we have to comply with SOX on a limited basis because I work for News Corp, through a few levels of Corporate ownerhip and thats a US based/resident(don't remember the term) company.
SEP
Jerusalem
Israel
Things will get calmer here. Trust me.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
