SOX issue ... logging heightened access account activity

Status
Not open for further replies.

bl1wilson

MIS
May 25, 2006
1
US
Greetings,

I am consulting with a client, and their external account firm has challenged them to log and monitor heightened access accounts (administrator and a select number of critical generic accounts) (for this discussion just UNIX) high risk activity.

First we must identify "high risk" functions. Then we must identify a manageable method of tracking these activities for the identified heightened access accounts.

Any background experiences, thoughts, feedback, comments (keep'm clean :).

Thank you in advance.

Britt
 
You may want to check out either the Gartner Group, Guardium, or other company intimate with SOX compliance.

This is not an easy task due to the complexity of your request.

Good luck
 
It depends on your flavour of Unix... there are a lot of built-in tools for Solaris, for example (e.g. BART). Also, shells themselves can often be configured to log actions and some do it by default... for example bash's history files... The problem is that someone with sufficiently high privileges can always modify these logs of course, so it's better if you have some way of ensuring that doesn't happen, or something that will tell you if it has happened.

If your flavour is Linux, look into something like auditd or process accounting.



Isaac Orr
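
To illustrate the auditd suggestion in the reply above, here is an added example (not part of the original thread) that filters auditd SYSCALL records for high-risk commands run by heightened access accounts and attributes each one to the login uid behind it. The watched uids, the high-risk list, the generic account uid 503 and the sample records are all constructed assumptions.

```python
import re

# Assumptions: root plus one hypothetical generic account (uid 503), x86_64
# (execve is syscall 59), and a placeholder high-risk list to be replaced by
# whatever the client and its auditors agree on.
WATCHED_EUIDS = {0, 503}
HIGH_RISK_EXES = {"/usr/sbin/useradd", "/usr/sbin/visudo", "/bin/chmod"}
UNSET_AUID = 4294967295  # value auditd records when no login uid is set

# Constructed sample records in auditd SYSCALL format (fields trimmed).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1148572800.101:421): arch=c000003e syscall=59 success=yes auid=1001 uid=0 euid=0 comm="useradd" exe="/usr/sbin/useradd"
type=SYSCALL msg=audit(1148572860.245:422): arch=c000003e syscall=59 success=yes auid=1001 uid=0 euid=0 comm="ls" exe="/bin/ls"
type=SYSCALL msg=audit(1148572900.007:430): arch=c000003e syscall=59 success=yes auid=1002 uid=1002 euid=1002 comm="visudo" exe="/usr/sbin/visudo"
type=SYSCALL msg=audit(1148573000.500:455): arch=c000003e syscall=59 success=yes auid=1002 uid=503 euid=503 comm="chmod" exe="/bin/chmod"
type=SYSCALL msg=audit(1148573100.900:460): arch=c000003e syscall=59 success=yes auid=4294967295 uid=0 euid=0 comm="useradd" exe="/usr/sbin/useradd"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
STAMP = re.compile(r"audit\((\d+)\.\d+:(\d+)\)")


def high_risk_events(log_text):
    """Return execve records where a watched account ran a high-risk binary."""
    events = []
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        stamp = STAMP.search(line)
        if not stamp or fields.get("type") != "SYSCALL" or fields.get("syscall") != "59":
            continue
        euid, auid = int(fields["euid"]), int(fields["auid"])
        if euid in WATCHED_EUIDS and fields["exe"] in HIGH_RISK_EXES:
            events.append({
                "epoch": int(stamp.group(1)),
                "serial": int(stamp.group(2)),
                # auid is the login uid; it survives su/sudo, so it names the
                # person behind a shared account. None = not attributable.
                "auid": None if auid == UNSET_AUID else auid,
                "euid": euid,
                "exe": fields["exe"],
            })
    return events


if __name__ == "__main__":
    for event in high_risk_events(SAMPLE_LOG):
        print(event)
```

Because a sufficiently privileged user can edit the local audit log, a report like this is only as trustworthy as the copy it reads, so run it against records already forwarded off the host.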
 