[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SELinux revisited

From: Steve G <linux_4ever yahoo com>
To: Matthew Saltzman <mjs CLEMSON EDU>, For users of Fedora <fedora-list redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: SELinux revisited
Date: Sun, 21 Oct 2007 06:19:58 -0700 (PDT)

>> # This file contains the auditctl rules that are loaded
>> # whenever the audit daemon is started via the initscripts.
>> # The rules are simply the parameters that would be passed
>> # to auditctl.
>> 
>> # First rule - delete all
>> -D
>> 
>> # Increase the buffers to survive stress events.
>> # Make this bigger for busy systems
>> -b 320
>> 
>> # Feel free to add below this line. See auditctl man page
>> 
>> -a exit,always -S chroot
>> #-a exit,always -S chdir -F obj_type=dhclient_t
>
>I don't know the rule syntax, but just looking at the source, it
 appears
>to me that the rule on line 15 is malformed (at least compared to the
>others). 

All of those rules look fine for audit  package > 1.3 and  kernel probably > 2.6.21. But those rules are not default and would have taken some research to come up with since I know of no public examples of auditing by selinux context.


-Steve


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Follow-Ups:
- Re: SELinux revisited
  - From: Gene Heskett

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]