Chapter 3. Administrative Basics
NOTE
The audit logs for a TPS subsystem cannot be signed.
A log is set to a signed audit log by setting the logSigning parameter to enable and providing the
nickname of the certificate used to sign the log.
When a log is set as a signed audit log, only a user with auditor privileges can access and view the
log. Auditors can use the AuditVerify tool to verify that signed audit logs have not been tampered
with.
If there is not a dedicated certificate to sign audit logs, the subsystem signing certificate can be used
to sign logs. To do this for a Certificate Manager, specify caSigningCert cert-CA_instance
name as the value in the signedAuditCertNickname parameter. For other systems, specify the
appropriate signing certificate.
Which events are recorded in the log are configured by adding or deleting the event type from the
value of the events parameter. Table 3.11, "Signed Audit Log Events" lists the loggable events. To add
an event, add the logging event to the list; to delete an event, remove it from the list. Log events are
separated by commas with no spaces.

Table 3.11. Signed Audit Log Events

Logging Event          Type of Log Messages Generated
AUDIT_LOG_STARTUP      The start of the subsystem, and thus the start of the audit function.
AUDIT_LOG_SHUTDOWN     The shutdown of the subsystem, and thus the shutdown of the audit function.
ROLE_ASSUME            A user assuming a role. A user assumes a role after passing through
                       authentication and authorization systems. Only the default roles of
                       administrator, auditor, and agent are tracked. Custom roles are not tracked.
CONFIG_CERT_PROFILE    A change is made to the configuration settings for the certificate profile
                       framework.
CONFIG_CRL_PROFILE     A change is made to the configuration settings for the CRL framework, such as
                       to the extensions, frequency, and CRL format.
CONFIG_OCSP_PROFILE    A change is made to the configuration settings for the OCSP.
CONFIG_AUTH            A change is made to the configuration settings for the authentication
                       framework.
CONFIG_ROLE            A change is made to the configuration settings for roles, including changes
                       made to users or groups.
CONFIG_ACL             A change is made to the configuration settings for the ACL framework.
CONFIG_SIGNED_AUDIT    A change is made to the configuration settings for the signed audit feature.
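As an added example that is not part of the manual, here are the three settings described above as they would be written in a subsystem's CS.cfg file. The parameter names logSigning, signedAuditCertNickname and events come from the text; the log.instance.SignedAudit. key prefix, the instance name pki-ca, and the choice of events are assumptions made for illustration.

```properties
# Added example, not from the manual. The "log.instance.SignedAudit." prefix
# and the instance name "pki-ca" are assumptions about the CS.cfg layout.

# Turn the audit log into a signed audit log. Once signed, only a user with
# auditor privileges can read it, and AuditVerify can confirm the entries
# have not been altered. (Left unsigned, anyone who can read the file could
# change entries without detection.)
log.instance.SignedAudit.logSigning=true

# No dedicated audit-signing certificate here, so the CA's own signing
# certificate is used, following the "caSigningCert cert-<CA_instance_name>"
# pattern from the text. The nickname contains a space; it is one value.
log.instance.SignedAudit.signedAuditCertNickname=caSigningCert cert-pki-ca

# Which events are recorded: comma-separated, no spaces. Add a name from
# Table 3.11 to start logging that event type; remove it to stop.
log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT
```

The certificate nickname must match exactly, including the embedded space, so quote it if it is ever passed on a shell command line; a stray space in the events list (for example after a comma) would likewise not match the event names in Table 3.11.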