
[PATCH] change default mode of audit.log to 640



Steve-

The attached patch also prevents ausearch from checking for group write
permissions on audit.log, which I missed in what I pasted earlier on
IRC.  This patch will be an improvement for me because I create an audit
group that I want to be able to review the logs, but not to modify them.
Unless this has unintended consequences, or breaks things for someone
else, please apply.

Thanks.

Rob.
--- audit-1.0.2/src/auditd-config.c.orig	2005-08-19 14:00:58.033387055 -0400
+++ audit-1.0.2/src/auditd-config.c	2005-08-19 14:01:10.257338440 -0400
@@ -401,9 +401,9 @@ static int log_file_parser(const char *v
 		audit_msg(LOG_ERR, "%s is not owned by root", val);
 		return 1;
 	}
-	if ((buf.st_mode & (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP)) != 
-			   (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP)) {
-		audit_msg(LOG_ERR, "%s permissions should be 0660", val);
+	if ((buf.st_mode & (S_IRUSR|S_IWUSR|S_IRGRP)) != 
+			   (S_IRUSR|S_IWUSR|S_IRGRP)) {
+		audit_msg(LOG_ERR, "%s permissions should be 0640", val);
 		return 1;
 	}
 	if (config->log_file)
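Review bot: the changed `if` still tests only that the 0640 bits are present, so a log file left at 0660 (or 0644, since `S_IROTH` and the other `S_IRWXO` bits are never examined) passes even though the message now says `permissions should be 0640`; this is the same subset semantics the old 0660 check had, but it does not enforce the "group may read, not write" intent stated in the mail. Compare the full permission bits instead, e.g. `if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != (S_IRUSR|S_IWUSR|S_IRGRP))`, or add an explicit rejection of `S_IWGRP` and any `S_IRWXO` bit, so the error text and the check agree.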
@@ -771,7 +771,7 @@ int create_log_file(const char *val)
 
 	umask(S_IRWXO);
 	fd = open(val, O_CREAT|O_EXCL|O_APPEND,
-		S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP);
+		S_IRUSR|S_IWUSR|S_IRGRP);
 	if (fd < 0) 
 		audit_msg(LOG_ERR, "Unable to create %s (%s)", val,
 			strerror(errno));
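Review bot: the create mode now matches what the parser hunk accepts, which is good, but the `open()` call still carries no access-mode flag, so `O_CREAT|O_EXCL|O_APPEND` opens the new file implicitly `O_RDONLY`; that is harmless if the descriptor is only used to create the file and then closed, but `O_WRONLY` (the mode `O_APPEND` is meant to pair with) would state the intent and costs nothing, so consider adding it while this line is being touched.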
