Problem solve Get help with specific problems with your technologies, process and projects.

What are the best business practices for Unix audit settings?

Can Unix syslogs meet all the demands of regulatory requirements like SOX, HIPAA, GLBA and PCI DSS? Security management expert Mike Rothman gives advice.

What are the best business practices for Unix audit settings? A vendor is trying to convince me that Unix syslogs are sufficient to meet regulatory requirements for SOX, HIPAA, GLBA and PCI DSS. Is this correct?
There is no easy answer to that question. It all depends on the data in need of protection. If there is no sensitive data on those Unix servers, then I suspect that syslog data will meet all the regulations.

Proper audit and logging requirements are defined by the data itself, but I would focus less on the audit requirements and more on the investigative requirements. If the data is compromised, the next step will be to analyze the situation forensically, draw some conclusions and hopefully prosecute the perpetrators.

If the data coming out of syslog is sufficient to investigate an incident -- and it's stored in a way that will stand up in court -- then I have a hard time believing it wouldn't satisfy an auditor.

More information:

This was last published in July 2008

Dig Deeper on IT security audits and audit frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.