Re: [Fed-Talk] Auditing using Common Criteria
Re: [Fed-Talk] Auditing using Common Criteria
- Subject: Re: [Fed-Talk] Auditing using Common Criteria
- From: Todd Heberlein <email@hidden>
- Date: Mon, 17 Sep 2007 13:09:49 -0700
On Sep 17, 2007, at 11:32 AM, EXT-Traynor, Paul I wrote:
Thanks very much. The proxy based on process ID will do the trick.
On a related note, what about logging of account lockout (NISPOM 8-602
(1)(f))?
We have verified that account lockout occurs as configured, but
there is
no audit record of it that we can find.
Good question. I will check into this later this week (I am pretty
busy until Wednesday). I am aware of at least four audit records
Apple generates that might have the information embedded in them, or
might be used as a proxy. These are 6600, 7000, 7002, and 7003
(AUE_lw_login, AUE_auth_user, AUE_ssauthorize, and AUE_ssauthint
respectively).
If a process is forked and execed at lockout, that might be a good
proxy.
If you don't have an answer by Thursday, ping me again.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden