Re: [Fed-Talk] How to configure auditing for use in a Closed Area
Re: [Fed-Talk] How to configure auditing for use in a Closed Area
- Subject: Re: [Fed-Talk] How to configure auditing for use in a Closed Area
- From: email@hidden
- Date: Mon, 25 Oct 2010 13:02:45 -0400
On 10/25/2010 11:31 AM, DeMattia, Edmond G. Edmond.DeMattia-at-jhuapl.edu |apple fed-talk/fed-talk| wrote:
> I have several Macs in a closed area that need to be configured for file
> and directory level auditing. I need to be able to log failed attempts
> by users trying to access files and folders on the local system for
> which they don’t have privileges to.
>
> I have a mix of 10.6 and 10.5 workstations. Any help is greatly
> appreciated!!
I'm not sure what level of knowledge you're looking for. Have you read the Apple documentation? There's information about auditing in the Common Criteria (CC) Tools, which are included by default in 10.6, but in earlier versions you must download and install them.
https://ssl.apple.com/support/security/commoncriteria/
NOTE: The CC guide there is for Snow Leopard only. Here is the one for Leopard (10.5):
http://images.apple.com/support/security/commoncriteria/CC_AdminGuide.pdf
The CC tools for 10.4, 10.5:
http://support.apple.com/downloads/Common_Criteria_Tools_for_10_4
http://support.apple.com/downloads/Common_Criteria_Tools_for_10_5
There's a limited amount of info about auditing in the Security Configuration Guides Apple provides -- mostly they just point to the CC documentation -- but in any case:
http://www.apple.com/support/security/guides/
HTH
--
Rob
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden