[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: labeled ipsec auditing



On Thursday 05 October 2006 17:23, Joy Latten wrote:
> I am auditing when an ipsec policy is added and removed from the
> Security Policy Database. Should I also add audit when an SA is
> added and removed? 

What we need to capture is the changes to configuration that affects the 
access decisions. Klaus may be better person to judge SP vs SA.

> I looked at how Paul implemented netlabel auditing, but 
> was wondering is there any specific info I should audit for
> labeled ipsec?

We need auid and subj of the process that loads the "rules". Is there any 
security relevant data in the rules that you want to log to help get a better 
idea of what is being inserted/deleted?

Thanks,
-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]