You can encrypt audit log records. When you use encryption, the selogrd daemon encrypts each audit log record before sending it to the collector (selogrcd or audit log router). The collector in turn decrypts the records it receives.
CA ControlMinder provides two encryption styles for selogrd: CA ControlMinder standard encryption, and audit log encryption through adcipher. For encryption, selogrd uses functions from shared library objects, as specified in the [selogrd] section of the seos.ini file.
Standard encryption uses the shared library libcrypt; audit encryption uses functions from a file specified by the CipherName token. By default, the file name is adcipher, which is a symbolic link to the desired shared library. The CA ControlMinder installation process places four shared libraries in the CA ControlMinder/lib directory: lib1des, lib3des, libIDEA, and libblowfish.
CA ControlMinder maintains the standard encryption key in the shared library, while the audit encryption uses a separate file as specified by the KeyFile token (default value: adcipher.bin).
Use the UseEncryption token to determine the type of encryption:
Use the RefuseUnencrypted token to accept or deny unencrypted audit records. It is used in conjunction with the UseEncryption token and is redundant if UseEncryption is set to no:
Note: The selogrcd daemon uses the same tokens in the seos.ini file.
To change the encryption key, use the sechkey utility, described in this chapter.
Important! If you send records to the audit collector, be sure that both selogrd and the collector use the same shared encryption file and encryption key.
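One way to check the requirement above before enabling encryption, as an added example that is not part of the CA documentation: it compares the four tokens named on this page between a sender and a collector, and fingerprints the cipher link and key file on each host. It assumes seos.ini parses as a standard INI file; the function names, `MODE_A` and `SETTING_A` are hypothetical placeholders, not product values.

```python
import configparser, hashlib, os

# Tokens named on the page; a default is listed only where the page states one.
TOKENS = {"UseEncryption": None, "RefuseUnencrypted": None,
          "CipherName": "adcipher", "KeyFile": "adcipher.bin"}

def read_tokens(ini_text, section="selogrd"):
    """Extract the encryption tokens from one host's seos.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    return {name: cp.get(section, name, fallback=default)
            for name, default in TOKENS.items()}

def fingerprint(cipher_path, key_path):
    """Run on each host: which library the cipher link resolves to, plus a
    SHA-256 of the key file so keys can be compared without copying them."""
    with open(key_path, "rb") as fh:
        key_digest = hashlib.sha256(fh.read()).hexdigest()
    return {"cipher_library": os.path.basename(os.path.realpath(cipher_path)),
            "key_sha256": key_digest}

def compare_hosts(sender, collector):
    """Return findings for two dicts of tokens and/or fingerprint values."""
    findings = []
    for name in sorted(set(sender) | set(collector)):
        if sender.get(name) != collector.get(name):
            findings.append(f"{name} differs: sender={sender.get(name)!r} "
                            f"collector={collector.get(name)!r}")
    for side, cfg in (("sender", sender), ("collector", collector)):
        if (cfg.get("UseEncryption") or "").strip().lower() == "no":
            findings.append(f"{side}: UseEncryption is no; "
                            "RefuseUnencrypted is redundant")
    return findings

# Constructed sample input. MODE_A and SETTING_A are placeholders, not real values.
SENDER_INI = """[selogrd]
UseEncryption = MODE_A
RefuseUnencrypted = SETTING_A
KeyFile = adcipher.bin
"""
COLLECTOR_INI = """[selogrd]
UseEncryption = no
RefuseUnencrypted = SETTING_A
"""

if __name__ == "__main__":
    for line in compare_hosts(read_tokens(SENDER_INI), read_tokens(COLLECTOR_INI)):
        print(line)
```

Merge the output of `read_tokens` and `fingerprint` from each host into one dict per host and pass both to `compare_hosts`; an empty result means the two sides agree on every compared value.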
Copyright © 2013 CA Technologies.
All rights reserved.