- Path: sparky!uunet!snorkelwacker.mit.edu!stanford.edu!rutgers!dziuxsolim.rutgers.edu!zodiac.rutgers.edu!leichter
- From: leichter@zodiac.rutgers.edu
- Newsgroups: vmsnet.misc
- Subject: Re: How to boot VMS from a failed AUDIT writingREAD/NEW/FOLLOWUP
- Message-ID: <1992Aug19.082759.1@zodiac.rutgers.edu>
- Date: 19 Aug 92 12:27:59 GMT
- References: <1992Aug10.142728.4397@mic.ucla.edu> <1992Aug11.123003.247@winkle.bhpese.oz.au> <1992Aug18.094524@mccall.com>
- Sender: news@dziuxsolim.rutgers.edu
- Organization: Rutgers University Computing Services
- Lines: 20
- Nntp-Posting-Host: cancer.rutgers.edu
-
- Terry Poot complains that the default configuration of the audit server makes
- the system unbootable if the audit log fills.
-
- This is really due to the DoD! The audit server was designed around the DoD
- secure system requirements as part of reaching C2 certification back in VMS
- V4.5, or whichever version was actually certified. A major requirement is
- that all security-relevant actions be logged - and as part of that that the
- system refuse to run when it cannot write log entries. (I believe the
- certification actually included an exception because, if the log was being written
- to a hard-copy device, it was possible for the system to continue if the
- output device ran out of paper!)
-
- Now, you can say that this feature should only be there if you ask for it.
- However, the certification requirements must be met on the system AS IT
- WOULD BE INSTALLED "OUT OF THE BOX". Given the past history of systems that
- are secure if you set them up right - but never seem to actually get set up
- right - this is a wise policy. Unfortunately, it means imposing a real
- inconvenience on people who DON'T want this level of auditing.
-
- -- Jerry-
-