Sorry for the re-post, but thought this topic belonged in a
different thread, so am resending with a new subject line. Those of you
who have already responded, thank you. -Karen
From: Wieprecht, Karen M.
Sent: Friday, May 08, 2009 9:33 AM
To: 'Nichols, Jared'; Trent Townsend; David Emery
Cc: email@hidden
Subject: RE: [Fed-Talk] re: OpenSSL on OS X old?
All,
I’ve been trying to get a response from Apple about some
issues I have where the audit subsystem doesn’t collect failed file
access attempts when the session logs in through SSH. Also,
certain SSH events themselves aren’t collected/reported properly,
and I suspect possibly the older OpenSSl and possibly an older non
audit-integrated ssh may be responsible, but I’ve had trouble getting a
response about this from the audit developers …
An earlier problem seemed to be in the way praudit was
converting the binary data (I could get info out of the binary data with
“strings”, but praudit neglected to extract the data properly), and
now with the latest version of Mac OSX and common criteria, I can’t
even get the info I’m expecting to see anymore with a
“strings” command, so I think it’s broken worse now than in
previous release.
These problems are keeping us from using the latest version (and
some older ones) of Mac OSX in our closed areas because the auditing is so
broken, and I HAVE to be able to audit the system per NISPOM regulations.
I have been trying to get these and some older issues with auditing fixed now
since we were involved in the first non-disclosure evaluations of common
criteria back around 2004. I get the impression the audit developers
would like to fix some of the things I’ve reported, but aren’t
getting support from Apple. Doesn’t Apple realize that these
kinds of problem are taking away potential sales in the government contracting
community?
Any of you facing similar issues? If so,
PLEASE make your voices heard.
Karen Wieprecht