From: Anupam (frj780jdy85533001sneakemail.com)
Date: Sat Mar 02 2002 - 10:16:19 CST


    I know I am being paranoid :-), being new to security, I guess I am
    allowed this liberty.

    Question to the list:
    Is there any way of 'safely' storing audit files on a remote-server?

    I know this question is not very well formed. Let me explain with an
    example. If one uses a syslog server, the data on the syslog server becomes an
    append-only file-system. This basically ensures that the only way the data
    on this server can be erased is if the syslog server is compromised.

    Kludgy solution:
    ----------------
    - Pull audit files at regular intervals of time onto a more secure server,
    and store the files by time-stamps. This way some sort of snap-shot is
    maintained.

    Refined questions:
    ------------------
    - Is there a similar way to set up an effectively append-only file system on
    a remote server?
    - I hear (might be wrong) that BSD supports append-only file systems, is
    there something equivalent for Solaris (maybe via NFS)?
    - Is there a way of doing this via NFS?
    - Is there something better than the kludgy solution - automated
    time-stamped file-pulls at regular intervals of time?

    Even RTFM type posts are appreciated. I will summarize this post.

    Thanks,

    - Anupam
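
The timestamped-pull approach from the message above, as an added example that is not part of the original post: each pulled copy is archived under a UTC timestamp and compared with the previous snapshot, so a file that shrank or whose earlier bytes changed is flagged. The function names, the `audit-` file naming and the status strings are assumptions made for this sketch; the transfer itself (scp, rsync or similar, run from the secure server) is assumed to have already written `pulled_path`, and the audit file is assumed not to be rotated between pulls.

```python
import hashlib
import os
import shutil
import time


def sha256_prefix(path, length):
    """SHA-256 of the first `length` bytes of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            chunk = f.read(min(65536, length))
            if not chunk:
                break
            h.update(chunk)
            length -= len(chunk)
    return h.hexdigest()


def store_snapshot(pulled_path, archive_dir, now=None):
    """Archive a pulled audit file under a UTC timestamp and check it
    against the previous snapshot.

    Returns (snapshot_path, status); status is 'first', 'ok',
    'truncated' or 'rewritten'.
    """
    os.makedirs(archive_dir, exist_ok=True)
    earlier = sorted(n for n in os.listdir(archive_dir) if n.startswith("audit-"))
    status = "first"
    if earlier:
        prev = os.path.join(archive_dir, earlier[-1])
        old_len = os.path.getsize(prev)
        if os.path.getsize(pulled_path) < old_len:
            status = "truncated"   # an append-only file never shrinks
        elif sha256_prefix(pulled_path, old_len) != sha256_prefix(prev, old_len):
            status = "rewritten"   # earlier records no longer match
        else:
            status = "ok"          # new copy extends the old one
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    dest = os.path.join(archive_dir, "audit-" + stamp + ".log")
    # Mode "xb" refuses to overwrite an existing snapshot.
    with open(pulled_path, "rb") as src, open(dest, "xb") as dst:
        shutil.copyfileobj(src, dst)
    os.chmod(dest, 0o444)  # read-only: snapshots are never edited in place
    return dest, status
```

A suspicious copy is still archived, so the evidence is kept alongside the last good snapshot; anything other than `first` or `ok` should raise an alert.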