[j-nsp] Supporting Audit Requirements in JUNOS
Stefan Fouant
sfouant at gmail.com
Tue Jul 22 15:38:53 EDT 2008
Hi folks,
As part of SAS 70 Audit requirements, I need to ensure that anytime a
firewall change is made on my routers a description of that change is
recorded. I suppose I could force this by using commit scripts and
forcing the use of "annotate" on anything in the firewall-filters
stanza, although this could be rather unwieldy in it's implementation.
My preference would be to ensure that anytime the configuration is
committed a 'commit comment <comment>' is used, but doesn't seem that
I can use commit-scripts to force that since a commit is not a
configuration variable. I wonder if I could use "allow-commands" or
"deny-commands" to accomplish something along these lines...
Has anyone attempted anything similar? What have you folks done to
support SAS 70 Audit requirements?
Thanks,
--
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D
More information about the juniper-nsp
mailing list