Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SOX issue ... logging heightened access account activity 2

Status
Not open for further replies.
bl1wilson

bl1wilson

MIS
May 25, 2006
1
US
Greetings,

I am consulting with a client and their external account firm has challenged them to log and monitor heightened access accounts (administrator and a select number of critical generic accounts) (for this discussion just UNIX)high risk activity.

First we must identify "high risk" functions. Then we must identify a managable method of tracking thes activities for the identified heightened access accounts.

Any background experiences, thoughts, feedback, comments (keep'm clean :).

Thank you in advance.

Britt
 
Sort by date Sort by votes
you may want to check out either the Gartner Group, Guardium, or other company intimate with SOX compliance.

this is not an easy task due to the complexity of your request.

good luck
 
Upvote 0 Downvote
It depends on your flavour of Unix... there's a lot of built in tools for Solaris for example (eg BART). Also shells themselves can often be configured to log actions and some do it by default.. for example bash's history files... The problem is that someone with sufficiently high privileges can always modify these logs of course, so its better if you have some way of ensuring that doesnt happen, or something that will tell you if it has happened.

If your flavour is Linux, look into something like auditd or process accounting.



Isaac Orr
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Locked
  • Solved
Not able to log into my previous account, and there's no "Forget Password"
Replies
15
Views
1K
Chris Miller
Chris Miller
Mirzapur
  • Locked
  • Question
NEC SV9100 Trunk to Trunk Transferred call Not disconnecting issue
Replies
0
Views
502
Mirzapur
Mirzapur
Carlvic
  • Locked
  • Question
Webhosting Issues.
Replies
4
Views
179
Carlvic
Carlvic
nakbrooks
  • Locked
  • Question
Configuring NAT on SonicWall TZ210 to access ADSL router from LAN
Replies
0
Views
122
nakbrooks
nakbrooks
DawnP
  • Locked
  • Question
Documentation Needed Showing Importance of Access Control
Replies
1
Views
78
Textron68
Textron68

Part and Inventory Search

Sponsor

Back
Top