SUMMARY: Audit Kernel Info

From: Jonathan Williams (jonathw@shubertorg.com)
Date: Tue Jan 06 2004 - 13:37:44 EST


OK, I'm glad I asked. I received several responses right away, and they all
said the same thing (pretty much):

The first thing was that everyone agreed to NOT REMOVE C2 SECURITY SUBSET. It
will remove auditing (and break C2 security of course), but is not necessary
when all you need to do is:

"The kernel change for auditing results from the inclusion of the DEC_AUDIT
symbol in the system config file (under /sys/conf). Remove this symbol,
repeat the doconfig, and audit will be gone."

Thanks to all the super fast and informative replies from: Dr. Blinn, Ann
Majeske, Scott Larry, Alan Rollow, and Trevor Osatchuk. =)

Jonathan Williams
Unix Systems Administrator
The Shubert Organization, Inc.

----- Original Message -----
From: "Jonathan Williams" <jonathw@shubertorg.com>
To: <tru64-unix-managers@ornl.gov>
Sent: Tuesday, January 06, 2004 11:13 AM
Subject: Auditing Kernel Info

| Here is the situation. A while ago I enabled C2 security on all my alpha boxes
| (ES40 5.1b patchkit 3). Everything is working fine. The other day I wanted to
| set up auditing on one of these systems. I went through the sysman wizard to set
| this up. The very first thing it said was that it had to add parameters to the
| kernel to support auditing. So it did some stuff, rebuilt the kernel and then I
| restarted the server. I never actually continued and set up the auditing.
|
| Now, I want to remove these kernel changes that the auditing wizard added. I
| placed a call to HP to find out what I had to remove, and they said to remove
| the OSFC2SEC540 subset. They said this will also remove the C2 security. I
| don't want to remove the C2 security. My question is...how can it be that I
| have to remove this subset to remove the auditing stuff, when this subset has
| been installed for a long time. It would seem that if this subset is all that
| is involved in auditing, then the kernel should have had everything it needed
| (from the past enabling of C2 security).
|
| So is this information correct, or is there something completely different that
| needs to be done to undo what the auditing wizard did? Thanks for any info.
|
| Jonathan Williams
| Unix Systems Administrator
| The Shubert Organization, Inc.