HP UX Auditing System Extensions manual Audience, Introduction

Audience

This white paper is for security administrators responsible for defining and implementing host audit security policies, and for system administrators responsible for configuring and managing HP-UX. This white paper provides guidance to administrators for planning, deploying, configuring, and managing the HP-UX Auditing System features on HP-UX 11i v2 with HP-UX Standard Mode Security Extensions (SMSE) installed and on HP-UX 11i v3 with HP-UX Auditing System Extensions installed. In addition, the white paper provides Best Practices that you can use to address certain compliance criteria. You can compare these settings with your internal security policy and any compliance criteria that must be satisfied.

Note

This paper does not address auditing on a system converted to trusted mode.

Introduction

The purpose of auditing is to selectively record security-relevant events for analysis and detection of security breaches. The auditing system records instances of access by subjects to objects on the system, and enables you to detect any attempts to bypass the protection mechanism for objects, including the misuse of privileges. Auditing also helps expose potential security weaknesses in the system. Many regulations, such as PCI, HIPAA, and Sarbanes-Oxley, require some form of auditing.

In the past several years, industry and government oversight of businesses has increased dramatically. Guidelines and laws have been defined that require businesses to protect information and that impose more significant penalties for failure to do so. This protection of information goes beyond internal corporate information and extends to the privacy of customer data and practices for the protection of business operations and infrastructure. Adherence to these regulations is generally referred to as regulatory compliance or, simply, compliance. Businesses must demonstrate appropriate internal IT controls or face penalties for noncompliance. Significant compliance regulations are as follows:

Sarbanes-Oxley (SOX) – Pertains to protection of public company financial data

PCI – Pertains to customer credit card information

HIPAA – Pertains to healthcare information

Gramm-Leach-Bliley Act – Pertains to financial institutions

Safe Harbor – Pertains to international privacy protection

SEC/OCC – Pertains to US financial securities (for example, stocks)

Most of these criteria do not mandate specific security mechanisms or processes, but they define high-level practices to which businesses must adhere. Businesses must determine appropriate processes and mechanisms to meet the specified practices.
