Protecting your security audit data
The security auditing subsystem lets you protect your security audit data by increasing the assurance that the audit data has not been tampered with or modified outside of the auditing facility. This option also protects the confidentiality of the data. The audit data is protected by encrypting and signing the recorded data.
Before you begin
Restriction: Signing and encrypting your audit data is only available for data created using the default binary log audit service provider. If you are using the SMF emitter or a third-party emitter, you cannot sign or encrypt your data.
Before configuring protection for your security audit data, enable global security and security auditing in your environment. You must be assigned the auditor role to complete the task of protecting your audit data. You also need the administrator role to configure your audit data to be signed.
About this task
Procedure
- Encrypting your security audit records
  Audit logs can be encrypted to ensure your audit data is protected. The audit logs are encrypted using a certificate that is saved to a keystore referenced in the audit.xml file. By encrypting your audit records, only users with the password to the keystore are able to view or update the audit logs.
- Signing your security audit records
  Audit logs can be signed to ensure the integrity of your audit data. By signing your audit records, you ensure that any modification of the audit logs can be traced.
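The two protections above, shown together in a small Go program. This is an added example, not code from the product or from this page: the keys are generated in memory to stand in for the certificate and keystore that the audit subsystem would load, the record text is constructed, and the function names (NewAuditKeys, Protect, Verify, Open) are this example's own. It encrypts each audit record with AES-256-GCM for confidentiality, signs the ciphertext with ECDSA for integrity, and demonstrates that flipping a single byte of a stored record is detected at verification time, before any decryption is attempted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// AuditKeys stands in for the keystore described on the page: a signing key
// pair (what the certificate's private key would provide) and a symmetric
// encryption key. Both are generated here for the example only; a real
// deployment loads them from a password-protected keystore.
type AuditKeys struct {
	Signer *ecdsa.PrivateKey
	EncKey []byte // 32 bytes, AES-256
}

func NewAuditKeys() (*AuditKeys, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	encKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, encKey); err != nil {
		return nil, err
	}
	return &AuditKeys{Signer: priv, EncKey: encKey}, nil
}

// ProtectedRecord is one audit record as it would be stored: the body is
// encrypted for confidentiality and the nonce+ciphertext are signed so that
// any modification of the stored bytes is detectable.
type ProtectedRecord struct {
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signedBytes is the exact byte string covered by the signature.
func signedBytes(rec *ProtectedRecord) []byte {
	out := make([]byte, 0, len(rec.Nonce)+len(rec.Ciphertext))
	out = append(out, rec.Nonce...)
	return append(out, rec.Ciphertext...)
}

// Protect encrypts the plaintext record, then signs the ciphertext
// (encrypt-then-sign), so integrity can be checked without the decryption key.
func Protect(keys *AuditKeys, record []byte) (*ProtectedRecord, error) {
	gcm, err := newGCM(keys.EncKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	rec := &ProtectedRecord{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, record, nil)}
	digest := sha256.Sum256(signedBytes(rec))
	rec.Signature, err = ecdsa.SignASN1(rand.Reader, keys.Signer, digest[:])
	if err != nil {
		return nil, err
	}
	return rec, nil
}

// Verify needs only the public key: an auditor can confirm that a record is
// unmodified without being able to read its contents.
func Verify(pub *ecdsa.PublicKey, rec *ProtectedRecord) bool {
	digest := sha256.Sum256(signedBytes(rec))
	return ecdsa.VerifyASN1(pub, digest[:], rec.Signature)
}

// Open verifies the signature first and only then decrypts.
func Open(keys *AuditKeys, rec *ProtectedRecord) ([]byte, error) {
	if !Verify(&keys.Signer.PublicKey, rec) {
		return nil, errors.New("audit record signature invalid: record was modified")
	}
	gcm, err := newGCM(keys.EncKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

func main() {
	keys, err := NewAuditKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample audit record; not real product output.
	rec, err := Protect(keys, []byte("SECURITY_AUTHN SUCCESS user=alice realm=example"))
	if err != nil {
		panic(err)
	}
	fmt.Println("intact record verifies:", Verify(&keys.Signer.PublicKey, rec))
	rec.Ciphertext[0] ^= 0x01 // simulate an edit to the stored log
	_, err = Open(keys, rec)
	fmt.Println("tampered record:", err)
}
```

The design choice worth noting is the order of operations: because the signature covers the ciphertext rather than the plaintext, integrity checking and reading are separable, which matches the page's split between users who hold the keystore password and users who only need to confirm that the logs have not been altered.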