labeled ipsec auditing
Joy Latten
latten at austin.ibm.com
Thu Oct 5 21:23:00 UTC 2006
I am auditing when an ipsec policy is added and removed from the
Security Policy Database. Should I also add audit when an SA is
added and removed? SAs can quickly fill up log since there can be many of them
and they also have a lifetime associated with them that can result in
continuous renewal. I looked at how Paul implemented netlabel auditing,
but was wondering is there any specific info I should audit for
labeled ipsec?
Regards,
Joy
More information about the Linux-audit
mailing list