jfh@rpp386.cactus.org (John F Haugh II) (12/18/90)
In article <2371@edat.UUCP> brian@edat.UUCP (brian douglass personal account) writes:
>My system was also locking up unexplainably every day. Turned
>on the audit control system and found out that a uucp account from
>another system that calls in had expired. Issued a new password
>and had the other site change their Systems entry, everything was great!

Yet Another Reason To Avoid SCO UNIX - If it isn't as easy to properly configure the audit system as it is to improperly configure the audit system, the vendor (SecureWare) needs to be fired.

In fact, 2.2.2.2 REQUIRES that the system be able to selectively audit events - "The ADP system administrator shall be able to selectively audit the actions of any one or more users based on individual identity." and 2.2.4.2 - "The procedures for examining and maintaining the audit files as well as the detailed audit record structure for each type of audit event shall be given."

The use of an invalid or expired account should be logged separately and easily determined. You should not have to turn auditing on just to discover that someone is logging in with an invalid password. That SCO UNIX is deficient in this regard is clear evidence as to what happens when your product is "designed to meet C2" and not "C2". The work that the NCSC does to certify a product is far more technically oriented than the work it takes for a marketroid to declare that a product is "designed to meet C2".

Just another shameless plug - the login package I've been writing for the last 3 years now includes syslog() support, as well as two other mechanisms for doing exactly this type of program debugging.

Just say "no" to oppressive and ill-designed "pseudo" security designs!
-- 
John F. Haugh II        UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 Domain: jfh@rpp386.cactus.org
"While you are here, your wives and girlfriends are dating handsome American movie and TV stars. Stars like Tom Selleck, Bruce Willis, and Bart Simpson."
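Added example, not part of the original post and not code from the login package the poster mentions: a sketch of logging expired-account use as its own syslog() event, separate from bad passwords and unknown users. The account table, the names `classify_login` and `audit_login`, the tty name and the day numbers are all constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <syslog.h>

enum login_result { LOGIN_OK, LOGIN_NO_SUCH_USER, LOGIN_BAD_PASSWORD, LOGIN_EXPIRED };
struct account { const char *name; long expire_day; /* days since epoch, -1 = never */ };

/* Constructed sample accounts and day numbers (hypothetical, not from the post). */
static const struct account accounts[] = { { "uuremote", 7600L }, { "brian", -1L } };

static const struct account *find_account(const char *user)
{
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, user) == 0)
            return &accounts[i];
    return NULL;
}

/* Expiry is tested before the password, so an expired account is reported
 * as expired whether or not the caller knows the password. */
enum login_result classify_login(const char *user, int password_ok, long today)
{
    const struct account *a = find_account(user);
    if (a == NULL)
        return LOGIN_NO_SUCH_USER;
    if (a->expire_day >= 0 && today >= a->expire_day)
        return LOGIN_EXPIRED;
    return password_ok ? LOGIN_OK : LOGIN_BAD_PASSWORD;
}

/* One distinct syslog line per outcome. The unknown name is not logged,
 * since users sometimes type a password at the login prompt. */
enum login_result audit_login(const char *user, const char *tty, int password_ok, long today)
{
    enum login_result r = classify_login(user, password_ok, today);
    switch (r) {
    case LOGIN_EXPIRED:
        syslog(LOG_AUTH | LOG_WARNING, "expired account %s used on %s", user, tty); break;
    case LOGIN_BAD_PASSWORD:
        syslog(LOG_AUTH | LOG_NOTICE, "bad password for %s on %s", user, tty); break;
    case LOGIN_NO_SUCH_USER:
        syslog(LOG_AUTH | LOG_NOTICE, "unknown user on %s", tty); break;
    default:
        syslog(LOG_AUTH | LOG_INFO, "login %s on %s", user, tty); break;
    }
    return r;
}

int main(void) { return audit_login("uuremote", "tty1a", 1, 7656L) == LOGIN_EXPIRED ? 0 : 1; }
```

The distinct reason belongs in the log only; the message shown to the caller can stay generic.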