The Auditing subsystem enables the systems administrator to record security-relevant information, which can be analyzed later to detect potential and actual violations of the system's security policy.
系统管理员可以通过审计系统记录与安全性相关的信息,以后可以分析这些信息,寻找违反和可能违反系统安全策略的地方。
This article focuses specifically on the practical aspects of periodic system auditing based on real-world requirements from a system administrator of a subnet in a large academic network.
本文的重点是基于管理大型学术网络子网的系统管理员的真实需求而总结出的一些周期性的系统审计实践。
An administrator can change the configuration, but cannot "wipe out" his tracks because he can't disable auditing.
Administrator可以更改配置,但是无法“掩盖”操作痕迹,因为他无法禁用审计。
应用推荐