Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP 9000 Computer Systems : Administering Your HP-UX Trusted System > Chapter 3 Practices that Enforce the Trustworthiness of the System

Guidelines for Administering Auditing
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

The following guidelines describe good practices when administering auditing on a trusted system in order to avoid audit data loss:

  • Check the audit logs at least once per day. Keep the online auditing file for at least 24 hours. Keep all auditing records stored offline for at least 30 days.

  • Review the audit log for unusual activities such as late night logins, login failures, failed access to files, or failed attempts to perform security-relevant tasks such as changing file permissions or ACLs.

  • Archive the audit file everyday to prevent it from overflowing (and potential loss of auditing data).

  • Revise the events that are audited periodically.

  • Change the audited users periodically.

  • Do not follow any pattern or schedule for event or user selection.

  • Specify site guidelines. Involve users and management in determining these guidelines.

  • Ensure the physical security of systems and disks containing the audit logs, backups of these logs, and printouts of these logs.

  • Provide a backup power source (UPS) for the disks containing the audit log so the data are not lost in the event of power failure.

  • Provide disk mirroring and other high availability support for the audit log disks.



Safe Administrative Practices
  		 


Recovering From Full Audit Files  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© Hewlett-Packard Development Company, L.P.