On 11/13/2014 09:01 AM, Steve Grubb wrote:
> They could unless use of those utilities is restricted. You could also
> setup a centralized user name management system to help things. But if
> you want to tackle this yourself, I think the uids, gids, and hostnames
> are the main things that need interpreting locally. Everything else can
> be done after the fact.
This subject is one I've griped about before. I'm amazed that more
people haven't mentioned this.
From an assurance perspective, having the human-understandable names of
the accounts is important.
If auditing systems aggregate records from multiple sources, this is
pretty big.
Until we can easily do something like the following, this isn't dire:
machine:         local aggregator    enterprise aggregator
---------------  ----------------    ---------------------
finance sys1  ->
finance sys2  ->  fin. aggr   \
finance sys3  ->               ->
engineering1  ->
engineering2  ->  eng. aggr   ->  enterprise aggregator
engineering3  ->
marketing1    ->               ->
marketing2    ->  mark. aggr  /
marketing3    ->
In fact, to me, the ultimate assurance architecture would be to have the
username management system reside on the local auditing aggregator with
a very controlled/audited/secure interface.
Then I'd interpret the uids, gids and hns there.
My $0.02 FWIW,
LCB
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com
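The local-interpretation step the thread is about, as an added example that is not part of the original post or of the audit tooling: a small Python resolver that interprets uids, gids and the unset auid in raw audit records against a per-node passwd/group snapshot, which it assumes the local aggregator has already collected from each host it serves (the node names, the PASSWD/GROUPS snapshots and the sample records are all constructed).

```python
import re
from typing import Dict, List, Optional

# Constructed per-node snapshots of /etc/passwd and /etc/group (id -> name), as the
# local aggregator is assumed to have collected them from each host it serves.
# Note that uid 1000 is a different human on each finance box.
PASSWD: Dict[str, Dict[int, str]] = {
    "finance-sys1": {0: "root", 1000: "alice"},
    "finance-sys2": {0: "root", 1000: "bob"},
}
GROUPS: Dict[str, Dict[int, str]] = {
    "finance-sys1": {0: "root", 500: "finance", 1000: "alice"},
    "finance-sys2": {0: "root", 1000: "bob"},
}
UNSET = 4294967295  # (unsigned)-1, the kernel's "auid not set" value

ID_FIELD = re.compile(r"\b(auid|uid|euid|gid|egid)=(\d+)\b")
NODE_FIELD = re.compile(r"\bnode=(\S+)")

def interpret(record: str, node: Optional[str] = None) -> dict:
    """Resolve the numeric ids in one raw audit record against the snapshot of
    the node that produced it (its node= field, unless given explicitly).
    Ids with no local mapping stay numeric and are reported, never guessed."""
    m = NODE_FIELD.search(record)
    node = node or (m.group(1) if m else None)
    if node not in PASSWD:
        raise ValueError(f"no id snapshot for node {node!r}; refusing to interpret")
    resolved: Dict[str, str] = {}
    unresolved: List[str] = []

    def sub(mt) -> str:
        field, num = mt.group(1), int(mt.group(2))
        table = GROUPS[node] if field.endswith("gid") else PASSWD[node]
        name = "unset" if num == UNSET else table.get(num)
        if name is None:
            unresolved.append(f"{field}={num}")
            return mt.group(0)          # leave the raw field untouched
        resolved[field] = name
        return f"{field}={name}({num})"  # keep the number as evidence

    return {"node": node, "record": ID_FIELD.sub(sub, record),
            "resolved": resolved, "unresolved": unresolved}

# Constructed records in the form a forwarding auditd delivers them (node= prefixed).
SAMPLE_RECORDS = [
    'node=finance-sys1 type=SYSCALL msg=audit(1415890000.123:456): syscall=2 success=yes auid=1000 uid=1000 gid=500 comm="cat"',
    'node=finance-sys2 type=SYSCALL msg=audit(1415890001.456:789): syscall=2 success=yes auid=1000 uid=0 gid=0 comm="sudo"',
    'node=finance-sys2 type=USER_LOGIN msg=audit(1415890002.789:790): pid=1 uid=0 auid=4294967295 gid=7000',
]
```

Run over SAMPLE_RECORDS, the same auid=1000 comes back as alice on finance-sys1 and as bob on finance-sys2, while gid=7000, which no snapshot knows, is left numeric and listed under unresolved rather than being guessed at the enterprise tier.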