Audit Log Route Encryption

You can encrypt audit log records. When you use encryption, the selogrd daemon encrypts each audit log record before sending it to the collector (selogrcd or an audit log router). The collector in turn decrypts the records it receives.

CA Access Control provides two encryption styles for selogrd: CA Access Control standard encryption, and audit log encryption through adcipher. For encryption, selogrd uses functions from shared library objects, as specified in the [selogrd] section of the seos.ini file.

Standard encryption uses the shared library libcrypt; audit encryption uses functions from the file specified by the CipherName token. By default, the file name is adcipher, which is a symbolic link to the desired shared library. The CA Access Control installation process places four shared libraries in the CA Access Control/lib directory: lib1des, lib3des, libIDEA, and libblowfish.

CA Access Control maintains the standard encryption key in the shared library, while the audit encryption uses a separate file as specified by the KeyFile token (default value: adcipher.bin).

Use the UseEncryption token to determine the type of encryption:

Use the RefuseUnencrypted token to accept or deny unencrypted audit records. It is used in conjunction with the UseEncryption token and is redundant if UseEncryption is set to no:

Note: The selogrcd daemon uses the same tokens in the seos.ini file.

To change the encryption key, use the sechkey utility, described in this chapter.

Important! If you send records to the audit collector, be sure that both selogrd and the collector use the same shared encryption file and encryption key.
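
One way to check that requirement before enabling encryption, as an added example that is not part of CA Access Control: the script reads the [selogrd] tokens, follows the adcipher link, and produces keyed digests of the cipher library and key file that can be compared between the sending host and the collector. The function names, the `Token = value` and `;` comment syntax, and the resolution of CipherName and KeyFile relative to `base_dir` are assumptions; the sample files are constructed.

```python
import hashlib, hmac, os, tempfile

DEFAULTS = {"CipherName": "adcipher", "KeyFile": "adcipher.bin"}  # defaults named above
SAMPLE_INI = "; constructed sample\n[selogrd]\nCipherName = adcipher\nKeyFile = adcipher.bin\n"

def read_selogrd_tokens(ini_text):
    """Tokens of the [selogrd] section (assumes 'Token = value' lines, ';' comments)."""
    tokens, in_section = dict(DEFAULTS), False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[selogrd]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, value = line.split("=", 1)
            tokens[name.strip()] = value.strip()
    return tokens

def _mac(path, nonce):
    # Keyed digest: comparable only between runs that share the nonce.
    with open(path, "rb") as fh:
        return hmac.new(nonce, fh.read(), hashlib.sha256).hexdigest()

def fingerprint(ini_text, base_dir, nonce):
    """Summarise one host's encryption setup for comparison with its peer."""
    t = read_selogrd_tokens(ini_text)
    lib = os.path.realpath(os.path.join(base_dir, t["CipherName"]))  # follow symlink
    return {"UseEncryption": t.get("UseEncryption"),
            "RefuseUnencrypted": t.get("RefuseUnencrypted"),
            "cipher_library": os.path.basename(lib),
            "cipher_mac": _mac(lib, nonce),
            "key_mac": _mac(os.path.join(base_dir, t["KeyFile"]), nonce)}

def mismatches(sender, collector):
    """Names of the fields on which the two hosts disagree."""
    return sorted(k for k in sender if sender[k] != collector.get(k))

def make_host(cipher, key_bytes):
    """Constructed host layout in a temp dir; the 'library' is a dummy file."""
    d = tempfile.mkdtemp()
    for name, data in ((cipher, cipher.encode()), ("adcipher.bin", key_bytes)):
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    os.symlink(cipher, os.path.join(d, "adcipher"))
    return d

if __name__ == "__main__":
    nonce = os.urandom(16)  # use the same nonce for both hosts being compared
    a = fingerprint(SAMPLE_INI, make_host("lib3des", b"constructed-key-1"), nonce)
    b = fingerprint(SAMPLE_INI, make_host("libblowfish", b"constructed-key-2"), nonce)
    print(mismatches(a, b))
```

Any field the comparison reports means the collector cannot decrypt what selogrd sends, or that the two hosts disagree on whether encryption is in use.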