system identification in utx database?
Anton Shterenlikht
mexas at bris.ac.uk
Wed Oct 22 11:41:28 UTC 2014
I asked in questions@ and got no reply, trying here.
Thanks
Anton
>From mexas Mon Oct 20 10:37:52 2014
>To: freebsd-questions at freebsd.org
>Subject: system identification in utx database?
>Reply-To: mexas at bris.ac.uk
>
>Hello
>
>Is there any information in a utx(8) database (log)
>that allows one to identify the system where
>that database was recorded? I cannot find any.
>
>I need to preserve the utx access logs from several
>FreeBSD boxes. If I copy the logs to another box,
>or just print, I lose the information about the
>system where these logs came from.
>This is because this information does not
>seem to be present in the logs themselves.
>So I have to add some manual database identification,
>which might cast doubt on the database authenticity
>or integrity, if I even need to rely on such databases,
>e.g. in court.
>
>So, I wonder if there is some system identification
>information written to utx database that I'm not
>familiar with.
>
>I also have auditing enabled, but I'm still
>learning it, and don't want to lose the
>simplicity of utx.
>
>Shall I ask in security@ list?
>
>Thanks
>
>Anton
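
The concern in the message above is that a host label added by hand after copying may be doubted later. One way to narrow that gap, as an added example that is not part of the original post: on the originating box, record host identity and a SHA-256 of each utx file at collection time, then re-verify the copies later. The function names are hypothetical; the `/var/log/utx.*` paths and the `kern.hostuuid` sysctl in the usage comment are FreeBSD defaults assumed here, not named in the post.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the post.

# SHA-256 of a file: sha256(1) on FreeBSD, sha256sum(1) elsewhere.
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# write_manifest HOST HOSTUUID OUTFILE FILE...
# One '|'-separated line per file: host|uuid|UTC time|size|sha256|path
write_manifest() {
    host=$1; uuid=$2; out=$3; shift 3
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    : > "$out"
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s|%s|%s|%s|%s|%s\n' \
            "$host" "$uuid" "$now" "$size" "$(hash_file "$f")" "$f" >> "$out"
    done
}

# verify_manifest MANIFEST: returns 0 only if every listed file still
# exists and hashes to the recorded value.
verify_manifest() {
    rc=0
    while IFS='|' read -r host uuid when size sum path; do
        if [ ! -f "$path" ] || [ "$(hash_file "$path")" != "$sum" ]; then
            echo "MISMATCH host=$host path=$path" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Usage on the box being collected (assumed FreeBSD default paths),
# run inside a fresh evidence directory so manifest paths stay relative:
#   cp -p /var/log/utx.log /var/log/utx.lastlogin .
#   write_manifest "$(hostname)" "$(sysctl -n kern.hostuuid)" \
#       utx.manifest utx.log utx.lastlogin
#   verify_manifest utx.manifest    # later, from the same directory
```

The manifest only shows that the copies are unchanged since collection. For the host label to carry weight, the manifest itself has to be signed or stored where nobody handling the logs can rewrite it.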
More information about the freebsd-security
mailing list