
Re: Success or failure?



Well, I am pretty sure that PCI DSS could consider this a success.
This is because the standard speaks of "security" relevant events, in
the same vein as the Common Criteria standards do. And some distros
that include the Linux audit subsystem are Common Criteria certified
(check the docs of the audit package for some example configurations for
these standards; well documented).

Hope this helps

best regards

2012/7/22, Michael Mather <michael mather teksavvy com>:
> Thanks for the replies.
>
> The problem is that the PCI requirements say:
>
> 10.3 Record at least the following audit trail entries for all system
> components for each event:
> ...
> 10.3.4 Success or failure indication.
>
> I don't know if PCI would accept the notion that this was success.
>
> Michael
> -------
>
> On Sun, 2012-07-22 at 07:52 +0200, yersinia wrote:
>> From the point of view of the linux kernel, and of the audit, you have
>> the right to execute the cp, you don't have permission denied. So the
>> result is success.
>>
>> Best regards
>>
>> 2012/7/22, Michael Mather <michael mather teksavvy com>:
>> > Hi,
>> >
>> > I enter the command "sudo cp qwerty /etc/xxx"
>> > and get the reply:  "cp: cannot stat `qwerty': No such file or
>> > directory."
>> >
>> > A number of log entries are written. The last two are, in part:
>> >
>> > type=SYSCALL success=yes
>> > type=EXECVE  argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
>> >
>> > My problem is with "success=yes".
>> >
>> > What is happening?
>> >
>> > Thanks - Michael Mather
>> > -----------------------

-- 
Sent from my mobile device
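
Added example, not part of the original thread and not code from the audit project: a small parser that groups audit records by event serial and reports the success and exit fields of each execve SYSCALL record, which is the value the thread is discussing. The sample records are constructed, the function names are hypothetical, and syscall number 59 assumes x86_64.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log text format (not taken from the thread).
# Event 101: execve of cp succeeds, although cp itself then fails to find "qwerty".
# Event 102: execve is refused by the kernel (exit=-13, EACCES).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1342936320.101:101): arch=c000003e syscall=59 success=yes exit=0 pid=4101 uid=0 comm="cp" exe="/bin/cp"
type=EXECVE msg=audit(1342936320.101:101): argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
type=SYSCALL msg=audit(1342936325.202:102): arch=c000003e syscall=59 success=no exit=-13 pid=4102 uid=1000 comm="bash" exe="/bin/bash"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\(([\d.]+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit event serial; return {serial: {type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events[int(serial)][rtype] = fields
    return dict(events)

def exec_outcomes(events):
    """For each execve event, report what the kernel says about the syscall itself."""
    rows = []
    for serial in sorted(events):
        sc = events[serial].get("SYSCALL")
        if not sc or sc.get("syscall") != "59":   # 59 = execve on x86_64 (assumption)
            continue
        ex = events[serial].get("EXECVE", {})
        argc = int(ex.get("argc", 0))
        argv = [ex.get(f"a{i}", "?") for i in range(argc)]
        rows.append({
            "serial": serial,
            # No EXECVE record in the event: fall back to the caller's comm
            "command": " ".join(argv) if argv else sc.get("comm", "?"),
            "syscall_ok": sc.get("success") == "yes",
            "exit": int(sc.get("exit", "0")),
        })
    return rows

if __name__ == "__main__":
    for row in exec_outcomes(parse_events(SAMPLE_LOG)):
        print(row)
```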

