Q: encrypted log

Michael Halcrow mhalcrow at google.com
Tue Nov 27 23:01:47 UTC 2018


On Mon, Nov 26, 2018 at 10:15 PM Marko Horn <weber at zbfmail.de> wrote:
>
> hello,
> you can easily do an encrypted
> /var/log/auditlog partition
> and save the logs there

This has the disadvantage of reserving a fixed amount of disk space
for the logs.  If you need that reserved disk space for something
else, you don't have it. If you end up needing more space for the
logs, you don't have it.

If you're using ext4 or f2fs, another option is to use their native
encryption capability.  If you're using another local file system,
well, I haven't gotten around to ripping eCryptfs out of the kernel
yet, so there's also that.

> Am 26. November 2018 19:37:36 MEZ schrieb Richard Guy Briggs <rgb at redhat.com>:
>>
>> On 2018-11-24 17:37, Ranran wrote:
>>>
>>> Hello,
>>>
>>> Is there a way to encrypt the auditd logs which are saved to disk?
>>> The system needs to save logs from local into disk (not a remote
>>> connection), but it should be saved encrypted. Is there a way to do it?
>>
>>
>> The easy answer is that any system that is configured to use full disk
>> encryption (LUKS is the default one on many distros.) will give you that
>> automatically.
>>
>> You have not provided more detail to know if this is what you had in
>> mind or would be sufficient for your requirements.  If you require the
>> daemon to write to encrypted log files, then you may be out of luck.
>>
>>> ran
>>
>>
>> - RGB
>>
>> --
>> Richard Guy Briggs <rgb at redhat.com>
>> Sr. S/W Engineer, Kernel Security, Base Operating Systems
>> Remote, Ottawa, Red Hat Canada
>> IRC: rgb, SunRaycer
>> Voice: +1.647.777.2635, Internal: (81) 32635
>>
>> --
>> Linux-audit mailing list
>> Linux-audit at redhat.com
>> https://www.redhat.com/mailman/listinfo/linux-audit

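As an added example, not part of the thread or any poster's code: a shell function that reads a mount table and reports whether a log directory sits on its own fixed-size partition and whether ext4/f2fs native encryption or a stacked layer such as eCryptfs is the applicable option. The function names, the sample mount table and the `/var/log/audit` path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and the sample mount
# table are constructed; /var/log/audit is an assumed log directory.

# Constructed sample in /proc/mounts format: device mountpoint fstype options ...
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /var xfs rw,relatime 0 0
/dev/sdb1 /var/log/audit ext4 rw,nosuid,nodev 0 0
/dev/sdc1 /srv f2fs rw,relatime 0 0
EOF
}

# log_encryption_option DIR [MOUNTS_FILE]
# Prints "<fstype> <mountpoint> <layout> <option>" for the mount holding DIR.
#   layout: dedicated = DIR is itself a mount point (fixed amount of space)
#           shared    = DIR shares free space with the rest of the file system
#   option: native    = ext4/f2fs built-in encryption can cover DIR
#           stacked   = other file system; a stacked layer such as eCryptfs
# Block-level encryption (LUKS) sits below the file system and is not detected.
log_encryption_option() (
    dir=${1%/}; mounts=${2:-/proc/mounts}
    [ -n "$dir" ] || dir=/
    best_mnt=""; best_fs=""
    while read -r dev mnt fstype rest; do
        case "$dir/" in
            "${mnt%/}/"*)
                # Longest mount point that is a path prefix of DIR wins;
                # a later line of equal length overrides (overmounts).
                if [ "${#mnt}" -ge "${#best_mnt}" ]; then
                    best_mnt=$mnt; best_fs=$fstype
                fi ;;
        esac
    done < "$mounts"
    [ -n "$best_mnt" ] || return 1
    if [ "$best_mnt" = "$dir" ]; then layout=dedicated; else layout=shared; fi
    case "$best_fs" in
        ext4|f2fs) option=native ;;
        *)         option=stacked ;;
    esac
    echo "$best_fs $best_mnt $layout $option"
)

# Demo on the constructed table.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
log_encryption_option /var/log/audit "$demo_table"
rm -f "$demo_table"
```

Called with only a directory argument, the function reads the live `/proc/mounts` instead of the sample table.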