
AudioCodes Mediant 8000 - Analyzing the Audit Trail File on the Linux OS; Analyzing the Audit Trail File on the Solaris OS; OS Auditing on the Mediant 8000 Media Gateway

AudioCodes Mediant 8000
924 pages
Version 6.6 321 October 2014
Installation & Operation Manual 33. Configuring Security Settings
33.9.3 OS Auditing on the Mediant 8000 Media Gateway
When the Mediant 8000 Media Gateway software is installed on the SC boards, it
automatically configures the OS auditing subsystem to record the most important
security-related activity on the SC board. The list of recorded events complies with
DoD IASE STIG and GR-815 security requirements.
Audit Trail Files are stored in the /var/audit or /var/log/audit directory (on the SC
Rev.1 and SC Rev.2 boards, respectively). The size of a single audit trail file is limited to 1 MB.
Multiple files are preserved to allow the storage of audit data for at least one week.
Note: These modifications should be performed with great care to minimize the
effect on the Media Gateway performance, and in general are not recommended.
When the auditing subsystem cannot properly record or store auditing events (e.g.,
due to a lack of space on the hard disk), a security alarm with an appropriate
description is sent to the EMS server.
OS auditing is simultaneously performed on both active and standby SC boards. Each
SC board contains its own audit trail data.
33.9.3.1 Analyzing the Audit Trail File on the Solaris OS
The following basic tools, provided by the Solaris OS, may be used to analyze the
audit trail files on SC Rev.1 boards.
To convert the binary audit trail data into human-readable ASCII format, the praudit
command is used. Praudit includes a few basic options that determine single or multi-
line display and delimiters; however, it provides no mechanism for choosing which
events are displayed.
Choosing the events is performed by using the auditreduce command. This
command takes binary audit trail(s) as its input and generates a new binary audit trail
as the output.
For example, to find all of the login events for user Alice in October 2000:
client238::~# auditreduce -a 20001001 -b +31d -u alice -c lo | praudit
See the man pages of praudit and auditreduce commands for more information.
33.9.3.2 Analyzing the Audit Trail File on the Linux OS
The following basic tools, provided by the Linux OS, may be used to analyze the audit
trail files on SC Rev.2 boards.
Use the aureport command to produce various types of auditing data reports.
aureport --summary generates a broad overview of the current auditing
statistics (events, logins, processes, etc.). To obtain detailed information about a
specific event category, run individual reports for the event type.
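
Because each SC board keeps its own audit trail, an investigation usually needs the active and standby trails combined into one timeline. The following is an added example, not part of the AudioCodes manual: it assumes the Linux audit.log text files from both SC Rev.2 boards have been copied to an analysis host. The board labels and sample records are constructed, and the record fields are abbreviated.

```python
import re
from collections import Counter

# Constructed sample records in Linux audit.log text format (not real data).
# "SC-active" / "SC-standby" are hypothetical labels for the two boards.
LOGS = {
    "SC-active": (
        "type=USER_AUTH msg=audit(1412150400.120:101): pid=2211 uid=0 "
        "msg='op=PAM:authentication acct=\"alice\" terminal=ssh res=failed'\n"
        "type=USER_LOGIN msg=audit(1412150460.300:105): pid=2230 uid=0 "
        "msg='op=login acct=\"alice\" terminal=ssh res=success'\n"
    ),
    "SC-standby": (
        "type=USER_AUTH msg=audit(1412150430.010:77): pid=1980 uid=0 "
        "msg='op=PAM:authentication acct=\"alice\" terminal=ssh res=failed'\n"
        "type=SYSCALL msg=audit(1412150500.000:80): arch=c000003e syscall=2 "
        "success=no exit=-13 pid=2001 uid=500 comm=\"cat\"\n"
        "truncated line left by log rotation\n"
    ),
}

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
ACCT = re.compile(r'acct="([^"]*)"')
RES = re.compile(r"\bres=(\w+)")

def parse(text, board):
    """Yield one dict per well-formed audit record; skip malformed lines."""
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        acct, res = ACCT.search(line), RES.search(line)
        yield {"board": board, "type": m.group(1), "time": float(m.group(2)),
               "serial": int(m.group(3)),
               "acct": acct.group(1) if acct else None,
               "res": res.group(1) if res else None}

def merged_timeline(logs):
    """Combine the per-board trails into one list ordered by event time."""
    events = [e for board, text in logs.items() for e in parse(text, board)]
    return sorted(events, key=lambda e: (e["time"], e["board"], e["serial"]))

def summarize(events):
    """Count events per record type and failed logins per (board, account)."""
    by_type = Counter(e["type"] for e in events)
    failed = Counter((e["board"], e["acct"]) for e in events
                     if e["type"] in ("USER_AUTH", "USER_LOGIN")
                     and e["res"] == "failed")
    return by_type, failed
```

Calling summarize(merged_timeline(LOGS)) returns the per-type counts and the failed-authentication counts per board and account; serial numbers are only unique per board, so the sort uses the timestamp first.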
