[dev.icinga.com #12981] Cryptographically signed audit log #521
Labels
Comments
|
Updated by mfrosch on 2016-10-26 17:25:50 +00:00
The audit log itself is checksummed, and basically verifiable. If you really secure the database it should be fine. But still, this is a low prio issue, and needs a concept, and proper implementation. So open for discussion. |
|
Updated by tgelf on 2016-12-13 09:45:36 +00:00
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue has been migrated from Redmine: https://dev.icinga.com/issues/12981
Created by twidhalm on 2016-10-25 12:01:02 +00:00
Assignee: (none)
Status: New
Target Version: Feature whishlist
Last Update: 2016-12-13 09:45:36 +00:00 (in Redmine)
Hi,
Since I have lots of customers who want a revision-ready audit log, I think it would be a good idea to have a signature on every config change. So the database based audit log (and maybe the yet-to-come audit log from #12976 ) could use signature with the GnuPG key of the person who issued the change.
I don't know how keeping the passphrase could work so that it's safe but not so complicated that users won't use it.
Cheers,
Thomas
The text was updated successfully, but these errors were encountered: