Re: [Fed-Talk] Common Criteria Tools
- Subject: Re: [Fed-Talk] Common Criteria Tools
- From: Todd Heberlein <email@hidden>
- Date: Thu, 14 Dec 2006 11:38:49 -0800
On Dec 14, 2006, at 10:36 AM, Bill Vlahos wrote:
> I'm hoping that someone has created better tools to be able to scan
> the audit logs for logins/logouts, password changes, etc. that are
> required for secure DoD computers. If anyone has tools to make the
> scanning of the audit logs simpler that they are willing to share I
> would sure appreciate it.

I wrote my own parsing tools for the BSM audit trails (the default
praudit parsing is/was painfully slow). There were some
discrepancies between the documentation (downloaded from Apple and
Sun's sites) and the actual binary format. I don't know if that
means there are differences between the binary output from Apple,
Sun, and OpenBSM. I honestly haven't looked at Sun's data in years,
and I have never looked at OpenBSM's implementation.
However, if it is simply a problem with Sun's documentation being out
of date, then various BSM unix tools might work for you.
As fate would have it, I am starting a project in about 2 weeks that
will use it again. If there is interest in this group, I can post
updates on the tools we develop.
Todd