[redhat-lspp] Re: audit messages during bootup

[LC Bruzenak]

Hi - 

I recently just subscribed and since I have a little info on this
subject I thought I'd add my 2 c.

For those of you on the list who do not know me, my name is Lenny
Bruzenak. I have been a developer on HPUX BLS (9.09+BLS), one HPUX 10.16
CMW and one HPUX 10.26 (TOS, very CMW-ish but no formal accreditation)
system.
In between I worked for HP on 10.16 support and also 10.26 development.
Currently work with Joe Nall (who subscribes to this list) et.al. on the
10.26-based application which is transitioning to something new, most
likely SE Linux.

It is my experience that auditing is desired to be integral at all run
levels. Casey - did the SGI CMW also have single-user auditing? I
imagine so.

The HP way was to have a single-user level auditing which went to one
particular local directory and a multi-user area as well which could be
a mount point. I myself would not make this one NFS but each to his/her
own as needed.

Auditing the dmesg buffer contents would be desirable.

The USB boot Russell mentions is exactly one of the cracking attempts
real-world systems must attempt to thwart, mitigate or at least record.
Also booting from DVD or CD or unapproved netboot, etc.

There are other audit considerations also if this is the appropriate
forum.

Thanks,
LCB.

-- 
LC Bruzenak
lenny at bruzenak.com