The security auditing subsystem lets you protect your security audit data
by increasing the assurance that the audit data has not been tampered with
or modified outside of the auditing facility. This option also protects the
confidentiality of the data. The audit data is protected by encrypting and
signing the recorded data.
Before you begin
Restriction: Signing and encrypting your audit data is only available for
data created using the default binary log audit service provider. If you
are using the SMF emitter or a third-party emitter, you cannot sign or
encrypt your data.
Before configuring protection for your security audit data, enable global
security and security auditing in your environment. You must be assigned
the auditor role to complete the task of protecting your audit data. You
also need the administrator role to configure your audit data to be signed.
About this task
The practice of auditing requires assurances that your audit data is
accurate and uncompromised. Your audit data can be encrypted, signed, or
both encrypted and signed. Using these options provides assurance that
your data is viewed only by authorized users and cannot be modified
untraceably. To protect the validity of your security auditing
functionality, complete the following steps:
Procedure
- Encrypting your security audit records
Audit logs can be encrypted to ensure that your audit data is protected.
The audit logs are encrypted using a certificate that is stored in a
keystore configured in the audit.xml file. By encrypting your audit
records, only users with the password to that keystore are able to view
or update the audit logs.
- Signing your security audit records
Audit logs can be signed to ensure the integrity of your audit data. By
signing your audit records, you ensure that any modification of the audit
logs can be traced.
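The following block is an added illustration of what the signing step buys you; it is not code from this product, and it does not use the product's keystore or audit.xml. It stands in an HMAC over a constructed secret key for the certificate-based signature the product applies, and chains each record's tag to the previous one so that an edited, deleted, or reordered record is detectable, as is truncation of the log when the verifier is handed the expected final tag. The event records and the key are constructed sample values.

```python
"""Tamper-evident audit log: each record carries a MAC chained to its predecessor.

Added example, not the product's own signing implementation. HMAC-SHA256 with
a shared secret stands in for the certificate-based signature; the chaining is
what lets a verifier pinpoint the first record that no longer matches.
"""
import copy
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed demo key. In the product the signing credentials live in the
# keystore configured in audit.xml; never hard-code a real key like this.
SIGNING_KEY = b"constructed-demo-signing-key"
GENESIS_TAG = "0" * 64  # tag assumed for "the record before the first one"


def _canonical(seq: int, event: Dict) -> str:
    """Serialize a record deterministically so signer and verifier MAC the same bytes."""
    return json.dumps({"seq": seq, "event": event}, sort_keys=True, separators=(",", ":"))


def _tag(key: bytes, prev_tag: str, payload: str) -> str:
    """MAC over (previous tag || payload); the previous tag links the chain."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(prev_tag.encode())
    h.update(b"\n")
    h.update(payload.encode())
    return h.hexdigest()


def sign_records(events: List[Dict], key: bytes = SIGNING_KEY) -> List[Dict]:
    """Assign sequence numbers and chained tags to a list of audit events."""
    prev = GENESIS_TAG
    signed = []
    for seq, event in enumerate(events):
        tag = _tag(key, prev, _canonical(seq, event))
        signed.append({"seq": seq, "event": event, "tag": tag})
        prev = tag
    return signed


def verify_records(signed: List[Dict], key: bytes = SIGNING_KEY,
                   expected_last_tag: Optional[str] = None) -> Optional[int]:
    """Return None if the log verifies, else the position of the first bad record.

    A missing middle record shows up as a sequence gap; an edited record fails its
    MAC; a record moved out of order breaks the chain. Silent truncation at the end
    is only caught when the caller supplies the tag they expect to see last (for
    example one stored out of band at the previous verification).
    """
    prev = GENESIS_TAG
    for position, rec in enumerate(signed):
        if rec.get("seq") != position:
            return position
        expected = _tag(key, prev, _canonical(rec["seq"], rec["event"]))
        if not hmac.compare_digest(expected, rec.get("tag", "")):
            return position
        prev = rec["tag"]
    if expected_last_tag is not None and not hmac.compare_digest(prev, expected_last_tag):
        return len(signed)
    return None


# Constructed sample events, loosely modelled on authentication audit records.
SAMPLE_EVENTS = [
    {"type": "AUTHN", "outcome": "SUCCESS", "user": "alice"},
    {"type": "AUTHN", "outcome": "FAILURE", "user": "bob"},
    {"type": "AUTHZ", "outcome": "DENIED", "user": "bob", "resource": "/admin"},
]


def demo() -> Dict[str, Optional[int]]:
    """Sign the sample log, then apply one tampering scenario at a time and verify."""
    signed = sign_records(SAMPLE_EVENTS)
    edited = copy.deepcopy(signed)
    edited[1]["event"]["outcome"] = "SUCCESS"      # rewrite a failure as a success
    deleted = signed[:1] + signed[2:]              # drop the middle record
    truncated = signed[:-1]                        # drop the last record
    return {
        "intact": verify_records(signed),
        "edited": verify_records(edited),
        "deleted": verify_records(deleted),
        "truncated_no_anchor": verify_records(truncated),
        "truncated_with_anchor": verify_records(truncated, expected_last_tag=signed[-1]["tag"]),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {'OK' if result is None else f'first bad record at {result}'}")
```

The "truncated_no_anchor" case is the one to take away: a chained MAC alone does not tell you that the tail of a log was removed, which is why a verifier needs some out-of-band anchor (the last tag seen, or a count) in addition to the per-record signatures.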
Results
After completing these steps, your data is signed, encrypted, or both
signed and encrypted, providing assurance that the data is accurate and
confidential.
What to do next
After protecting your data, you can configure notifications to ensure that
you are notified if a problem occurs in the security auditing subsystem
that prevents security events from being recorded.