Difference between revisions of "Projects/Audit"
From K5Wiki
< Projects
m |
m |
||
| Line 3: | Line 3: | ||
== Purpose == |
== Purpose == |
||
| − | The |
+ | The focus of this project will be on creating an Audit infrastructure within MIT Kerberos to monitor security related events on the KDC. The initial set of the audible events will be identified. |
== Requirements == |
== Requirements == |
||
| Line 17: | Line 17: | ||
== Events == |
== Events == |
||
| − | This section details the list of the events, the content of the log entries |
+ | This section details the list of the events, the content of the log entries. |
Each record must contain at least the timestamp of the event, the event id (type), and the status of the event (success or failure). |
Each record must contain at least the timestamp of the event, the event id (type), and the status of the event (success or failure). |
||
| Line 26: | Line 26: | ||
;Audit plugin: loaded, unloaded; |
;Audit plugin: loaded, unloaded; |
||
| − | ; KDC: started |
+ | ; KDC: started, stopped; |
;AS exchange: AS attempt (unsuccessful) and AS done (success): |
;AS exchange: AS attempt (unsuccessful) and AS done (success): |
||
;TGS exchange: Successful or unsuccessful attempt and alternative TGS; |
;TGS exchange: Successful or unsuccessful attempt and alternative TGS; |
||
| Line 40: | Line 40: | ||
We will use libaudit module available on Fedora, Debian, Suse for the first round. |
We will use libaudit module available on Fedora, Debian, Suse for the first round. |
||
| − | Some simple audit plugin will be implemented and Python test system will become aware of its existence. |
+ | Some "simple" audit plugin will be implemented and Python test system will become aware of its existence. New ./configure --with-audit-plugin option will be introduced to build "simple" audit plugin for testing purpose. If audit is enabled and audit plugin is available, "make check" will store audit messages into audit log file. |
| + | |||
| + | == References == |
||
| + | |||
| + | #. Common Criteria for Information Technology Security Evaluation http://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R4.pdf |
||
| + | #. Oracle Solaris Auditing http://docs.oracle.com/cd/E19963-01/html/821-1456/auditov-1.html |
||
| + | #. Understanding Linux Audit http://doc.opensuse.org/products/draft/SLES/SLES-security_sd_draft/cha.audit.comp.html |
||
| + | #. Events Classification in Log Audit http://airccse.org/journal/nsa/0410ijnsa5.pdf |
||
Revision as of 11:08, 9 October 2012
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Purpose
The focus of this project will be on creating an Audit infrastructure within MIT Kerberos to monitor security related events on the KDC. The initial set of the audible events will be identified.
Requirements
The new audit system should be:
- build-time enabled;
- run-time pluggable;
- simple, so it could be easily replaced with the OS specific implementations;
- if possible, record the i18n- and l10n-ready log messages.
Events
This section details the list of the events, the content of the log entries.
Each record must contain at least the timestamp of the event, the event id (type), and the status of the event (success or failure). Startup and shutdown of the audit system must be recorded by audit system.
Categories:
- Audit plugin
- loaded, unloaded;
- KDC
- started, stopped;
- AS exchange
- AS attempt (unsuccessful) and AS done (success):
- TGS exchange
- Successful or unsuccessful attempt and alternative TGS;
- Secret
- Session key generation and cleaning them up;
- Policy
- Policies violation when processing requests;
Design details
TODO
Test implementation
We will use libaudit module available on Fedora, Debian, Suse for the first round.
Some "simple" audit plugin will be implemented and Python test system will become aware of its existence. New ./configure --with-audit-plugin option will be introduced to build "simple" audit plugin for testing purpose. If audit is enabled and audit plugin is available, "make check" will store audit messages into audit log file.
References
- . Common Criteria for Information Technology Security Evaluation http://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R4.pdf
- . Oracle Solaris Auditing http://docs.oracle.com/cd/E19963-01/html/821-1456/auditov-1.html
- . Understanding Linux Audit http://doc.opensuse.org/products/draft/SLES/SLES-security_sd_draft/cha.audit.comp.html
- . Events Classification in Log Audit http://airccse.org/journal/nsa/0410ijnsa5.pdf
