Linux audit v. Solaris audit

schaufler-ca.com - Casey Schaufler casey at schaufler-ca.com
Fri Mar 17 16:51:32 UTC 2006


--- "Sponsler, Mike" <sponslerm at netcsc.com> wrote:

> From: "Sponsler, Mike" <sponslerm at netcsc.com>
> To: linux-audit at redhat.com
> Date: Thu, 16 Mar 2006 17:12:45 +0000
> Subject: Linux audit v. Solaris audit
>

> Is the audit daemon for linux similar to the audit
> daemon for solaris
> 10?  Specifically does it do BSM auditing?

BSM is Sun's way to say "C2" without actually
committing to completely meeting the C2
requirements. C2 is the archaic security
specification that is the basis for the Common
Criteria Controlled Access Protection Profile
(CAPP). Linux Audit is designed to exceed the
CAPP requirements.

BSM and Linux Audit are independent*
implementations of facilities that are
intended to meet the same need. BSM
is older and based on older criteria.
Linux Audit is newer and based on
modern (as of today) criteria. The two
mechanisms take different approaches
to the problem, but in the end are
more similar than they are different.**

------
*   Well, there hasn't been much direct carry over.
** I wrote the original SunOS4.0 audit code.
    The two schemes are not that different.
