Hi Fen,
How did you solve the FIPS 140-2 issue with FileBeat?
I was wrestling with this one but I wasn't sure how it would hold up behind
stunnel.
Thanks,
Trevor
On Tue, Jun 6, 2017 at 11:05 PM, Fen Labalme <fen(a)civicactions.com> wrote:
While rsyslog is an option, we use filebeat with SSL/TLS. Many ways
to
manage as you say. Testing and validation methods need to support tailoring.
=Fen
On Tue, Jun 6, 2017 at 10:01 PM, Trevor Vaughan <tvaughan(a)onyxpoint.com>
wrote:
> So, I was digging through and found the following:
>
> RHEL-07-030300
>
> The operating system must off-load audit records onto a different system
> or media from the system being audited.
>
> and
>
> RHEL-07-030310
>
> The operating system must encrypt the transfer of audit records
> off-loaded onto a different system or media from the system being audited.
>
> This poses a real problem since there are pretty much limitless methods
> to meet this requirement and, given that actual proof is multi-node, this
> is going to be *really* difficult to evaluate properly.
>
> As much as I like auditd, I don't care for the thought of the network
> blocking all of my operations, so I've opted to pass it along to syslog. My
> syslog is then TLS encrypted to the various shipping points. This obviously
> meets the requirement, and I can automatically test that configuration in
> my code but I feel like this is yet another place where we're going to have
> difficulty with the SSG.
>
> I also noticed that this one hasn't been implemented in the SSG and I'm
> guessing that this is why.
>
> What are the plans for things like this moving forward?
>
> Thanks,
>
> Trevor
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699 x788 <(410)%20541-6699>
>
> -- This account not approved for unencrypted proprietary information --
>
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide(a)lists.fedo
>
rahosted.org
> To unsubscribe send an email to scap-security-guide-leave@list
>
s.fedorahosted.org
>
>
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.
fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@
lists.fedorahosted.org
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --