[redhat-lspp] Re: CUPS audit record
Steve Grubb
sgrubb at redhat.com
Wed Aug 30 21:46:42 UTC 2006
On Wednesday 30 August 2006 17:30, Matt Anderson wrote:
> I think CUPS is a case where acct would be preferable. The auid is
> known, and will be recorded, but acct will correspond with the user
> field that shows up on paper.
What is the source of the user's name? From what I can see, you get the auid
from credentials. So that is the best source of info. If you look it up in
passwd database, ausearch can look it up, too. I really want the most
authoritative information recorded.
> >>The audit record has to capture what the user suggested, along with what
> >> the server ended up using.
> >
> > user-header, final-header?
> >
> Thats what I was trolling for ;) How about we split the difference.
> banner=none,none final-banner=mls,none The alternative is a bit
> lengthy: user-header=none user-footer=none final-header=mls
> final-footer=none
The lengthier one is precise, though. We could abbreviate it usr-hdr, usr-ftr,
fnl-hdr, fnl-ftr. I think 4 name=val pairs will be easier for searching since
people will not have to special case that field.
-Steve
More information about the redhat-lspp
mailing list