Session recording
Paul Lussier
p.lussier at comcast.net
Thu Apr 3 12:40:23 EDT 2008
Bill McGonigle <bill at bfccomputing.com> writes:
> I don't think there's a linux way to do tamper-proof logs that meets
> the letter of the standard.
Not knowing the letter of the standard, or the standard for that
matter, I can not speak definitively on the matter.
However, you could have anything that *is* logged stored on a
Enterprise-class archive solution. Something like what Permabit
(http://www.permabit.com) or EMC (used to, Centera has been EOL'ed
from what I understand) sells. Something like this which also
provides WORM-like characteristics for certain types of compliance needs
(like S/OX, HIPAA, various SEC regs, etc.) might fit the bill.
Since this solution (the Permabit one) exports via NFS, CIFS, and
WebDAV, it would be trivial to have various systems mount a volume and
log directly to it. Since it also supports heavy-duty encryption
(SHA-256), inline data de-duplication, ACLs, and a whole host of other
neat features, it fits right into an environment requiring some sort
of compliance solution.
This may or may not suffice for the current needs depending upon the
definition of 'tamper-proof'. I.e., if tamper-proof means 'once
written to disk they can never be changed' then it will work. If
tamper-proof means 'there can be no possible way the data could be
intercepted between memory and writing to disk', then obviously it
won't work. Since, if you're writing to a remote file system over the
network, there is ample opportunity to intercept the log data.
--
Seeya,
Paul
More information about the gnhlug-discuss
mailing list