[OpenAFS] Monitoring bad ACLs of webpages: best practices? faster search?

Stephen Repetski skrepetski@gmail.com
Sat, 8 May 2010 00:37:22 -0400


> -----Original Message-----
> From: openafs-info-admin@openafs.org [mailto:openafs-info-
> admin@openafs.org] On Behalf Of Jeffrey Altman
> Sent: Friday, May 07, 2010 3:21 PM
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] Monitoring bad ACLs of webpages: best =
practices?
> faster search?
>=20
> There are audit logs that you can turn on which will log every
> ACL change.  Audit log output can be written to a pipe so that
> a process can scan then in real time.  You can then have that
> process send e-mail, log warnings, or even alter the ACL if
> necessary.
>=20
> There will be a talk at the upcoming workshop describing how
> a combination of dump scanning and audit stream parsing was
> used to enforce export compliance regulations.
>=20
> Jeffrey Altman

Could you explain a bit more about the audit logs showing the ACL change =
data (and perhaps some example usage)? Our institution has had some of =
the same concerns brought up in this thread, and hope to implement one =
or a series of solutions to prevent damage from poorly thought out ACLs =
that users may create. While this would be an after-the-fact log scan, =
it would still prove to be extremely useful.

----------
Stephen (Trey) Repetski
skr3394@rit.edu | skrepetski@gmail.com
srepetsk.net    | RIT '13, TJHSST '09