Accounting/auditing reference?

Marco Shaw marco.shaw at gmail.com
Wed Oct 21 16:17:29 UTC 2009


On Wed, Oct 21, 2009 at 11:42 AM, John Dennis <jdennis at redhat.com> wrote:
> On 10/21/2009 10:32 AM, Marco Shaw wrote:
>>
>> Is there anything online detailing SELinux's accounting and auditing
>> features?
>>
>> Example:
>> How/if it does system and process accounting
>> How/if it does system and process auditing
>> How/if it exactly logs  (through syslogd?)
>
> SELinux is a MAC (Mandatory Access Control) system. It does not do
> accounting and auditing. However the features in the audit system are
> probably what you want. For information on audit start here:
> http://people.redhat.com/sgrubb/audit/index.html
>
> SELinux denials do get recorded in the audit log (/var/log/audit/audit.log)

(Line-wrapping may be way off, sorry...)

Thanks John,

Is audit an officially supported package though?  If not, I'm going to
have to research how RHEL can meet all the PCI-DSS requirements...

There was a webcast yesterday on RHEL and PCI compliance, but I got
called away just as they were answering one of my questions near the
end of the webcast.

I'll have to research more on the audit.log also.  I'd prefer to have
a built-in solution that uses syslogd, vs something hard coded to a
specific log.

Marco



