auditing procmail?
Klaus Weidner
klaus at atsec.com
Wed Feb 23 21:18:37 UTC 2005
On Wed, Feb 23, 2005 at 02:07:33AM -0500, Valdis.Kletnieks at vt.edu wrote:
> Anybody have any good ideas on what should happen for auditing and loginuid
> when Sendmail invokes procmail as a delivery agent, and we're running
> essentially arbitrary code as the user from their .procmailrc? My gut
> feeling is that this *should* act just like a cron job for auditing
> purposes, but the sendmail/procmail interface isn't in the least PAM-ified,
> so we can't just toss in a 'session required pam_audit.so'...
Yes, this is ugly. If the audit context can't be set appropriately this
functionality needs to be disabled for the CC evaluated configuration,
for example by setting "allow_mail_to_commands" in the case of postfix
(see the local(1) man page).
Does anyone plan to add this functionality to the MTA?
-Klaus
More information about the Linux-audit
mailing list