Proactive SELinux fixes from automatic collection of logs

Stephen John Smoogen smooge at gmail.com
Mon Jul 2 18:30:11 UTC 2007


On 7/2/07, John Dennis <jdennis at redhat.com> wrote:
> On Mon, 2007-07-02 at 22:30 +0530, Rahul Sundaram wrote:

> > > 2) The information contained in an AVC denial is security sensitive. It
> > > would be a huge security hole to automatically transmit any of this
> > > information in the form of a bug report or other notification channel.
> >
> > Encrypt it before transmission and scrub the data before revealing
> > anything. Also this concern is already somewhat offset from the effort
> > described below.
>
> Automatically sending security information to a remote third party is
> not going to be accepted by most users and certainly could not be
> enabled by default. If automatic transmission is not enabled by default
> then what is gained over an administrator of the system being
> automatically notified of a denial by setroubleshoot and letting them
> evaluate if this particular AVC denial needs to be elevated to a bug
> report?
>

Also, scrubbing the data can be very hard since the information that
could be sensitive is more than user name/IP address. While there
might be some statistical information that could be picked up (hmmm,
4000 users have problems with /xen installations... maybe we should
see if there is a problem with the policy and what people think they
are doing).

Another issue I could see is that if someone opted into the program,
and Fedora 'witnesses' a break-in (or some other criminal act) via an
SELinux report... what are the reporting requirements (depending on
the nation that the servers are in and where the client is)?



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
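
An added illustration, not part of the original message: the sketch below reduces AVC denial lines to the (source type, target type, class, permissions) tuple that aggregate counts need, dropping pid, comm, name, path, device, inode, SELinux user and MLS level. The sample log lines and all function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample AVC denials (not taken from any real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1183400000.123:456): avc:  denied  { read write } for  pid=2345 comm="httpd" name="payroll.db" dev=sda1 ino=12345 scontext=user_u:system_r:httpd_t:s0 tcontext=alice_u:object_r:user_home_t:s0:c3,c7 tclass=file
type=AVC msg=audit(1183400100.500:460): avc:  denied  { read } for  pid=2399 comm="httpd" name="merger-plan.txt" dev=sda1 ino=12399 scontext=user_u:system_r:httpd_t:s0 tcontext=bob_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1183400200.000:470): avc:  denied  { getattr } for  pid=3001 comm="xend" path="/xen/images/customer-acme.img" dev=sdb1 ino=77 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return only the type from user:role:type[:level].

    The SELinux user and the MLS level/categories are dropped because they
    can identify accounts or compartments on the reporting host.
    """
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None


def reduce_denial(line):
    """Map one AVC line to (source_type, target_type, tclass, perms) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    src = selinux_type(fields.get("scontext", ""))
    tgt = selinux_type(fields.get("tcontext", ""))
    tclass = fields.get("tclass")
    if not (src and tgt and tclass):
        return None  # malformed line: drop it rather than forward raw text
    return (src, tgt, tclass, tuple(sorted(m.group("perms").split())))


def aggregate(log_text):
    """Count reduced denials; only these tuples would ever leave the host."""
    counts = Counter()
    for line in log_text.splitlines():
        reduced = reduce_denial(line)
        if reduced:
            counts[reduced] += 1
    return counts


if __name__ == "__main__":
    for key, n in aggregate(SAMPLE_LOG).items():
        print(n, key)
```

Even this reduced tuple is not automatically safe: type names defined by a site's own local policy modules can still describe what the host is used for.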




More information about the fedora-selinux-list mailing list