Auditing of Samba activity and SOX

[Peter.McLarty () mincom com]

Hi
I am having some discussions with a client about a solution to access 
reports on a Unix server and our proposal is and has been in the past for 
our customers  to use Samba to do this. Some of the trouble comes from the 
big 4 consulting house which is there SOX auditor
This customer is balking  due to their organisation having to be SOX 
compliant. 
The complaint is that a user could view or edit a sensitive file /report 
and as Samba has no capability to audit all the users activity and on the 
face of it this is a somewhat valid argument.

Obviously other organisations are SOX compliant and using Samba so there 
has to be a solution. My initial thought is to use Unix auditing  by 
enabling the HP-UX trusted computing.

How have other organisations been able to meet SOX with Samba servers


Cheers

Peter 





-- 
This transmission is for the intended addressee only and is confidential information. If you have received this 
transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the 
opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise.