| |
The server was developed to support the notion of an independent auditor. In general, except for creating the auditor's account and setting up the auditor's access rights, the actions of the auditor don't depend on the actions of administrators.
However, the notion of the independent auditor is not absolute. By running unevaluated NLMs, administrators can modify NDS to prevent auditors from performing auditing.
In addition, administrators can subvert an auditor's intended volume audit configuration by backing up a file system and then restoring it, which deletes all audit configuration information about the volume.
Thus, the independent auditor is not a completely independent role. In the evaluated configuration, it is not necessary to have an auditor separate from the administrator. Nonetheless, the ability to separate auditor and administrator activities is useful in most organizations.
| |