Auditing -


The DoD seems to think this is important.
Maybe you should too.


Auditing is a mechanism that lets you look back at your system and reconstruct the actions that have been taken on it. Most UNIX variants include some level of auditing in their standard distributions. However, this auditing subsystem is rarely complete.

A typical example of this is syslog. Most security-relevant programs send limited information to a syslog daemon for logging, and a limited set of kernel actions is logged as well.

A complete implementation would audit all system calls and would also maintain a permanent audit id which stays attached to a user during system use. This audit id remains the same even across su invocations.
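The Linux audit framework records such a persistent audit id as the auid field of each event. The following added example (not part of the original page) parses audit records and attributes every action to the login that caused it, marking actions run under a different uid after su. It assumes auditd's SYSCALL record layout; all sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records in the Linux audit (auditd) SYSCALL layout.
# auid = audit/login id set at login; uid = identity the process runs as now.
# Events 502 and 503 are what login 1000 did in a root shell obtained via su.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 pid=4100 auid=1000 uid=1000 euid=1000 ses=7 comm="cat" exe="/usr/bin/cat"
type=SYSCALL msg=audit(1700000020.442:502): arch=c000003e syscall=59 success=yes exit=0 pid=4121 auid=1000 uid=0 euid=0 ses=7 comm="bash" exe="/usr/bin/bash"
type=SYSCALL msg=audit(1700000031.007:503): arch=c000003e syscall=257 success=yes exit=3 pid=4133 auid=1000 uid=0 euid=0 ses=7 comm="vi" exe="/usr/bin/vi"
type=SYSCALL msg=audit(1700000050.900:504): arch=c000003e syscall=257 success=yes exit=3 pid=4200 auid=1001 uid=1001 euid=1001 ses=8 comm="ls" exe="/usr/bin/ls"
type=SYSCALL msg=audit(1700000060.300:505): arch=c000003e syscall=257 success=yes exit=3 pid=610 auid=4294967295 uid=0 euid=0 ses=4294967295 comm="cron" exe="/usr/sbin/cron"
"""

UNSET_AUID = 4294967295  # (uid_t)-1: process not tied to any login (daemons)
HEADER = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Return one audit record as a dict, or None if the line is not one."""
    head = HEADER.search(line)
    if head is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    rec["time"], rec["serial"] = float(head.group(1)), int(head.group(2))
    return rec

def actions_by_audit_id(log_text):
    """Group records by auid and mark those run under a different uid."""
    trail = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or "auid" not in rec:
            continue
        auid, uid = int(rec["auid"]), int(rec["uid"])
        switched = auid != UNSET_AUID and uid != auid
        trail[auid].append((rec["serial"], rec["comm"], uid, switched))
    return dict(trail)

if __name__ == "__main__":
    for auid, events in actions_by_audit_id(SAMPLE_LOG).items():
        owner = "no login" if auid == UNSET_AUID else f"auid {auid}"
        for serial, comm, uid, switched in events:
            note = "  <- identity changed after login" if switched else ""
            print(f"{owner}: event {serial} {comm} as uid {uid}{note}")
```

Records with an unset auid belong to processes that were never part of a login session, so they are grouped separately rather than treated as identity changes.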
