[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit.56 merged with audit-2.6.git



On Thursday 09 June 2005 08:54, Steve Grubb wrote:

> No audit records are generated when I made the file world readable. I suppose 
> you could hook the right syscalls, but that would provide way too much info. 
> The reason I ask is Table 1 of CAPP,  FMT_MSA.3 says that we should be able 
> to audit all modifications to the initial value of security attributes & 
> modifications to permissive or restrictive rules. Maybe I misunderstand the 
> application of this requirement, but that seems like file permissions.

Have you tried using the syscall (inode,dev)-based filter rules?

-tim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]