On Thursday 05 October 2006 17:23, Joy Latten wrote:
> I am auditing when an ipsec policy is added and removed from the
> Security Policy Database. Should I also add audit when an SA is
> added and removed?
What we need to capture is the changes to configuration that affect the
access decisions. Klaus may be a better person to judge SP vs SA.
> I looked at how Paul implemented netlabel auditing, but
> was wondering is there any specific info I should audit for
> labeled ipsec?
We need auid and subj of the process that loads the "rules". Is there any
security relevant data in the rules that you want to log to help get a better
idea of what is being inserted/deleted?
Thanks,
-Steve