[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Initial CUPS auditing patch



On Monday 22 August 2005 13:39, Matt Anderson wrote:
> How about something like:
>
> CUPS Config: ClassifyOverride is enabled, users can override print banners
>
> CUPS Config: ClassifyOverride is disabled, users cannot override print
> banners

Admittedly, I haven't reviewed this patch to see all the audit messages. But,
I'd like to keep the text as short as possible. We basically need the 
operation, who did it, to what, and the outcome. I also need it to be easy to 
parse so that you can run ausearch against it and find the unsuccessful 
attempts. 

A good example of what I mean is the shadow-utils code. I created a generic 
logging function that you filled in the necessary parts and it formated the 
message so that it could be easily parsed. I will probably extend this 
generic logger function to libaudit so there is a standard format. This will 
make life easier if we move to a binary format, too.

We can revisit the audit parts of this patch as we get new audit code in 
place. Please don't get too hung up on exact wording at this minute - it will 
likely need to change for some reason.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]