[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit on Fedora Core 5



On Thu, 23 Mar 2006 08:42:46 EST, John D. Ramsdell said:

> were not installed.  You'd think that both audit and emacs would be
> part of the base system, independent of what options are specified.

Make the business case for it.  What percent of users need/want Emacs?
What percent of users need/want audit?  (Hint - I'll bet there at least
an order of magnitude, possibly two entire orders, more OpenOffice users
than Emacs users).  If they aren't *asking* for it, what features do the
packages provide that make it worth the added overhead? (Let 'yum' suck
down a copy of an emacs-sized RPM over a less-than-blazing net connection
sometime, and you'll understand the desire to minimize the number of things
installed by default).

In particular, I can make the case that audit should *not* be installed by
default on any box that has SELinux enabled by default - if auditd isn't running,
then SELinux AVC messages will end up in the syslog where most people expect to
find them, in a format that they can use grep and similar to deal with.  If auditd
is running, suddenly those messages are in their own file in /var/log/audit/,
and they need to learn about ausearch and friends.....

Attachment: pgp1YLqCukZ6o.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]