labeled ipsec auditing

Joy Latten latten at austin.ibm.com
Thu Oct 5 21:23:00 UTC 2006


I am auditing when an ipsec policy is added and removed from the 
Security Policy Database. Should I also add audit when an SA is 
added and removed? SAs can quickly fill up log since there can be many of them
and they also have a lifetime associated with them that can result in 
continuous renewal. I looked at how Paul implemented netlabel auditing, 
but was wondering is there any specific info I should audit for 
labeled ipsec?

Regards,
Joy   




More information about the Linux-audit mailing list