[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Wednesday 18 November 2009 04:45:05 pm James Antill wrote:
> On Wed, 2009-11-18 at 16:04 -0500, Steve Grubb wrote:
> > > The problem is the *Default* not the fact that you can consciously
> > > allow users to update without a password.
> >
> > And I wonder what the audit trail will show? Does it show which user
> > installed these packages?
> 
>  PK has it's own logging, it logs the user the API is running from
> there. But it doesn't set loginuid, so "yum history", auditd, SELinux,
> etc. don't know.

That is a big problem. If I have the following audit rule:

-a always,exit -F dir=/usr -F perm=w

It needs to show which user was able to write into /usr or the audit trail is 
broken.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]