What are the best business practices for Unix audit settings?

Can Unix syslogs meet all the demands of regulatory requirements like SOX, HIPAA, GLBA and PCI DSS? Security management expert Mike Rothman gives advice.

What are the best business practices for Unix audit settings? A vendor is trying to convince me that Unix syslogs are sufficient to meet regulatory requirements for SOX, HIPAA, GLBA and PCI DSS. Is this correct?
There is no easy answer to that question. It all depends on the data in need of protection. If there is no sensitive data on those Unix servers, then I suspect that syslog data will meet all the regulations.

Proper audit and logging requirements are defined by the data itself, but I would focus less on the audit requirements

and more on the investigative requirements. If the data is compromised, the next step will be to analyze the situation forensically, draw some conclusions and hopefully prosecute the perpetrators.

If the data coming out of syslog is sufficient to investigate an incident -- and it's stored in a way that will stand up in court -- then I have a hard time believing it wouldn't satisfy an auditor.

More information:

This was first published in July 2008

Dig deeper on IT Security Audits



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: