Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-December/001072.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2010-December/001072.html | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-December/001072.html b/zarb-ml/mageia-sysadm/2010-December/001072.html new file mode 100644 index 000000000..b134caa2f --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-December/001072.html 
@@ -0,0 +1,116 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] ldap write log + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20ldap%20write%20log&In-Reply-To=%3C1291816763.17582.41.camel%40akroma.ephaone.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="001071.html"> + <LINK REL="Next" HREF="001034.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] ldap write log</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20ldap%20write%20log&In-Reply-To=%3C1291816763.17582.41.camel%40akroma.ephaone.org%3E" + TITLE="[Mageia-sysadm] ldap write log">misc at zarb.org + </A><BR> + <I>Wed Dec 8 14:59:23 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="001071.html">[Mageia-sysadm] ldap write log +</A></li> + <LI>Next message: <A HREF="001034.html">[Mageia-sysadm] [516] use a mdv-youri-submit wrapper through sudo, for repsys +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#1072">[ date ]</a> + <a href="thread.html#1072">[ thread ]</a> + <a href="subject.html#1072">[ subject ]</a> + <a href="author.html#1072">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le mardi 07 décembre 2010 à 15:05 +0100, Buchan Milne a écrit : +><i> On Monday, 6 December 2010 19:26:56 Michael Scherer wrote: +</I>><i> > Hi, +</I>><i> > +</I>><i> > while discussing on irc, we came to the conclusion that it would be nice +</I>><i> > to get some audit ( by sending mail ) when a user change group, or when +</I>><i> > a user is promoted. +</I>><i> +</I>><i> Where would we want this audit data to be stored? Only in the DSA ("LDAP +</I>><i> server")? Of course, not every single change (e.g. 
password change by +</I>><i> unprivileged user) is going to be of interest. While accesslog overlay can +</I>><i> limit what changes you want to see, I think this would prevent us for using it +</I>><i> for delta-syncreplication. +</I> +In fact, audit may not be the proper name for the idea, as least not for +the start. If we can find a way that do not requires storage, then it +would be better. + +><i> Of course, plain accesslog info is not *that* easy to audit, so we might +</I>><i> prefer to have a view of it in CatDap (I've been looking for something to put +</I>><i> under "LDAP Admin" :-)). +</I>><i> +</I>><i> > A way to do that would be to use the accesslogs overlay, with a cronjob +</I>><i> > to get data from it, and to send them by mail and/or store them too, if +</I>><i> > needed. +</I>><i> +</I>><i> There are other ways, such as syncrepl consumer which evaluates changes, and +</I>><i> could notify immediately (via any suitable medium). I have some code for such +</I>><i> a tool, but it would need to be more configurable than it is now. +</I> +Sound good for this job. + +><i> > Does someone see a problem, or a better idea ? +</I>><i> > +</I>><i> > Obviously, we will need to be careful about what is sent and where, for +</I>><i> > privacy reason. +</I>><i> +</I>><i> Well, I think we may want to consider two aspects: +</I>><i> -An automated process that informs relevant people of actions that may warrant +</I>><i> further investigation (e.g. "User xxx was promoted to objectClass yyy", or +</I>><i> "Member of super-privileged account sustained 100 password failures in 5 +</I>><i> minutes, and is locked out") +</I>><i> -A tool which allows searching on events in the case further investigation is +</I>><i> warranted +</I> +For the moment, the idea is more like the changelog list of package than +to watch suspicious changes. +Like "user got promoted by admin" "user got added to team foo by admin2" +"user leaved team foo". 
+ +Ie, something quite lightweight for the moment, for better +communication. + +The auditing goal is a different beast, warranting more details, more +consideration and IMHO more preparation. ( ie, be sure that we manage +the storage issue, the backup, the privacy of the access, a easy way to +audit, define what is suspicious, etc ). + +-- +Michael Scherer + +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="001071.html">[Mageia-sysadm] ldap write log +</A></li> + <LI>Next message: <A HREF="001034.html">[Mageia-sysadm] [516] use a mdv-youri-submit wrapper through sudo, for repsys +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#1072">[ date ]</a> + <a href="thread.html#1072">[ thread ]</a> + <a href="subject.html#1072">[ subject ]</a> + <a href="author.html#1072">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |
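Review bot: the `<META http-equiv="Content-Type" content="text/html; charset=us-ascii">` declaration in the HEAD contradicts the body of this same file, which carries non-ASCII French text in the quoted header line (`Le mardi 07 décembre 2010 à 15:05 +0100, Buchan Milne a écrit :`); a browser honouring the declared charset will render those characters as mojibake. Since this page is Mailman archiver output, the fix belongs in the archiver's charset configuration (declare the encoding the file is actually written in) rather than in a hand edit of the generated HTML, otherwise the next regeneration reintroduces the mismatch. Everything else in the hunk (the Previous/Next links to 001071.html and 001034.html, the date/thread/subject/author anchors at #1072, and the mailto with the In-Reply-To message id) is consistent with the surrounding archive pages.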