On 06/20/2015 07:06 AM, Ken Schneider - openSUSE wrote:
On 06/18/2015 05:22 PM, Lew Wolfgang wrote:
On 06/18/2015 01:31 PM, jdd wrote:
On 18/06/2015 22:28, I. Petrov wrote:
Hello Lew,
Interesting question indeed. In my opinion, however, it is not possible at all (especially for the root user). I'm interested in what the others think about this though.
Depends on what one wants to do with the file; switching off a USB disk can prevent the file from being removed, even by root, but it's also unavailable to the others.
Perhaps I should have included the original requirement. Here it is:
"The operating system must enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process."
Damn pointy-haired bosses don't know the difference between reality and fantasy.
I know...

The consensus I've taken from this thread is that the best (only?) way to do this has rsyslog sending specified logs to two administratively distinct remote servers. I'll leave it up to the PHB if he wants to pay for this or not. This would be sound policy if there were enough hosts to justify the overhead. Of course, you need to pay someone to analyze tons of audit files, but that's another matter...

Thanks to everyone who chipped in!

Regards,
Lew
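
Added example, not part of the original thread: an rsyslog fragment for the approach summarized in the last message, sending the same audit records to two separately administered servers so that no single administrator can move or delete every copy. The file name, host names, port, spool directory and the use of facility local6 for audit records are assumptions.

```conf
# /etc/rsyslog.d/60-audit-dual-forward.conf   (file name is an assumption)
# Constructed example: host names, port, spool directory and facility
# are placeholders to adapt to the local setup.

# Disk-assisted queues need a spool directory for their queue files.
global(workDirectory="/var/spool/rsyslog")

# Assumption: audit records reach rsyslog on facility local6
# (for example via the audit dispatcher's syslog plugin).
if $syslogfacility-text == 'local6' then {

    # Copy 1: collector run by administrative group A.
    # Each action has its own queue, so an outage of one collector
    # neither blocks nor drops the copy going to the other one.
    action(type="omfwd"
           target="audit-a.example.org" port="514" protocol="tcp"
           queue.type="LinkedList"
           queue.filename="fwd_audit_a"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")

    # Copy 2: collector run by administrative group B,
    # under separate credentials and separate root access.
    action(type="omfwd"
           target="audit-b.example.org" port="514" protocol="tcp"
           queue.type="LinkedList"
           queue.filename="fwd_audit_b"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

The local copy on the sending host can still be altered by its root user; the dual-control property comes from the two remote copies, which is why the collectors must not share administrators.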