Audit Log Route Encryption

You can encrypt audit log records. When you use encryption, the selogrd daemon encrypts each audit log record before sending it to the collector (selogrcd or audit log router). The collector in turn decrypts the received records.
PAM Server Control provides two encryption styles for selogrd: PAM Server Control standard encryption, and audit log encryption through adcipher. For encryption, selogrd uses functions from shared library objects, as specified in the [selogrd] section of the seos.ini file.
Standard encryption uses the shared library libcrypt; audit encryption uses functions from a file specified by the CipherName token. By default, the file name is adcipher, which is a symbolic link to the desired shared library. The product installation process places four shared libraries in the lib directory: lib1des, lib3des, libIDEA, and libblowfish.
PAM Server Control maintains the standard encryption key in the shared library, while the audit encryption uses a separate file as specified by the KeyFile token (default value: adcipher.bin).
Use the UseEncryption token to determine the type of encryption:
  • To use PAM Server Control standard encryption, specify UseEncryption=native.
  • To use audit log encryption through adcipher, specify UseEncryption=eTrust, and enter the appropriate values for the CipherName and KeyFile tokens.
  • To disable selogrd encryption, specify UseEncryption=no.
Use the RefuseUnencrypted token to accept or deny unencrypted audit. It is used in conjunction with the UseEncryption token and is redundant if UseEncryption is set to no:
  • To refuse unencrypted audit, specify RefuseUnencrypted=yes
  • To accept both encrypted and unencrypted audit, specify RefuseUnencrypted=no
Note: The selogrcd daemon uses the same tokens in the seos.ini file.
To change the encryption key, use the sechkey utility, described in this chapter.
If you send records to the audit collector, be sure that both selogrd and the collector use the same shared encryption file and encryption key.
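The following is an added example, not code from the product: a small Python check that reads the [selogrd] section of a seos.ini file and reports encryption settings that leave audit records unprotected or that must be confirmed against the collector. It assumes the file uses plain `token = value` INI syntax and that token values compare case-insensitively; the sample sections are constructed.

```python
import configparser

# Constructed sample [selogrd] sections (assumed "token = value" INI syntax).
WEAK = """[selogrd]
UseEncryption = eTrust
RefuseUnencrypted = no
"""
STRICT = """[selogrd]
UseEncryption = eTrust
CipherName = adcipher
KeyFile = adcipher.bin
RefuseUnencrypted = yes
"""
DEFAULTS = {"CipherName": "adcipher", "KeyFile": "adcipher.bin"}  # defaults named on this page

def audit_selogrd(ini_text):
    """Return findings for the encryption tokens in the [selogrd] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)  # token names are matched case-insensitively
    if not cp.has_section("selogrd"):
        return ["no [selogrd] section"]
    sec = cp["selogrd"]
    # Assumption: token values compare case-insensitively.
    mode = sec.get("UseEncryption", "").strip().lower()
    refuse = sec.get("RefuseUnencrypted", "").strip().lower()
    findings = []
    if mode == "":
        findings.append("UseEncryption is not set explicitly")
    elif mode == "no":
        # RefuseUnencrypted is redundant in this mode, so it is not evaluated.
        return ["UseEncryption=no: selogrd encryption is disabled"]
    elif mode not in ("native", "etrust"):
        findings.append(f"UseEncryption has unrecognized value {mode!r}")
    if mode == "etrust":
        for token, default in DEFAULTS.items():
            if not sec.get(token, "").strip():
                findings.append(f"{token} not set: default {default} applies; "
                                "confirm it matches the collector")
    if refuse != "yes":
        findings.append("RefuseUnencrypted is not set to yes: "
                        "unencrypted audit may be accepted")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit_selogrd(text) or "ok")
```

The check compares token names and values only; whether selogrd and the collector actually hold the same key file contents still has to be verified on both hosts.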