> What Audit team are looking is to prevent the System admin which have
> all the God rights on system from doing anything bad. If System
> security receivers are somehow replicated online to some other system
> like Unix then one can know as what had happened

I agree that copying it to another system where the OS400 admin does not have an ID with authority to delete it adds a layer of defense. But it does not remove the issue -- it just makes it harder. What if the sys admins on the two systems are the same, or friends, or co-conspirators?

The point I'd like to make is that at some point you have to rely on a policy that says something like "if you ever delete the audit journal (or copies of it) without authorization, we'll know and we'll fire you." Once you have this policy in place and the admins know about it, then making a copy gives you an extra layer of defense.

Without a policy which addresses the deletion of the audit journal or copies of it, you can't hold anyone accountable. Making a copy does not prevent all copies from being deleted nor does it provide accountability.

Now, if you have this policy in place, I might argue that the value of making a copy of the audit journal to another system might not provide that much more additional benefit. But that would be your call to make.

Patrick Botz
Senior Technical Staff Member
eServer Security Architect
(507) 253-0917, T/L 553-0917
email: botz@xxxxxxxxxx
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.