[Freeipa-users] Future audit feature
Marco Pizzoli
marco.pizzoli at gmail.com
Mon Feb 13 17:33:09 UTC 2012
On Mon, Feb 13, 2012 at 6:27 PM, Dmitri Pal <dpal at redhat.com> wrote:
> **
> On 02/13/2012 11:28 AM, Marco Pizzoli wrote:
>
> Hi John,
>
> On Mon, Feb 13, 2012 at 5:23 PM, John Dennis <jdennis at redhat.com> wrote:
>
>> On 02/13/2012 09:14 AM, Marco Pizzoli wrote:
>>
>>> Hi guys,
>>> I'm interested to know what is the expected feature that I have to
>>> expect from the Audit part of IPA.
>>>
>>> I had a look at this: http://www.freeipa.org/page/Audit_Design_Overview
>>> I see that are mentioned watchers on directories for alerting on file
>>> alterations.
>>> What is the final high-level purpose? I suppose not only anti
>>> tampering...
>>>
>>
>> The audit portion of IPA has been put on hold while we focus on on the
>> core identity and policy components.
>>
>
> Yes, I'm aware of this.
>
>
>> A significant part of the audit component was collecting log information
>> from all services on a host and aggregating them on a central server for
>> analysis and archiving. The directory watching you saw on the
>> aforementioned page is exactly for the purposes of watching log file
>> manipulation.
>>
>
> Good.
>
>
>> There has been a *lot* of recent discussion on how to perform logging in
>> the larger community as well as capturing auditable system events. As yet
>> there hasn't been a consensus. Until such time as a consensus forms around
>> the methods, tools, and libraries in this domain we won't proceed further
>> with the A part of IPA. However, we are actively participating in these
>> discussions.
>>
>
> I'm very interest in this topic. Please, could you tell me where I can
> read these discussions?
>
>
> Some of them are internal to Red Hat just because we want to understand
> the use cases before we wrap our head around the audit on OS level and
> reach out to different communities looking for ideas.
>
Ok, I understand.
> There will be some discussions on the developer conference in Brno later
> this week.
> I will keep you updated as soon as I have something to share.
>
Thank you very much indeed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120213/129851f6/attachment.htm>
More information about the Freeipa-users
mailing list