On Mon, 10 Jul 2006 14:56:47 CDT, LC Bruzenak said:

> Security guy: Please deliver system with maximum security.

At this point, we already know the request is a crock. Even fascist military-style security recognizes that there exist tradeoffs (which is why "Secret" and "Top Secret" have different requirements to prevent disclosure, and so on).

> System guy (me): What do you need to know?
> Security guy: Any and all changes to security-relevant files.

You missed the obvious questions here: Do you need the exact change, or is the fact that an unauthorized change happened sufficient (you can always just get the over version off backups and diff them)? Do you need to know about unexplained failed attempts as well?

> System guy: Which ones are those?
> Security guy: All of 'em.

*all* files are security relevant? Yowza. :)

There's not much that the audit code can do to support an unrealistic design. There may not be much it can do to support a *realistic* one that has certain requirements - but at least at that point we can point you at other tools to address the issues...