[redhat-lspp] Re: Separation between secadm and sysadm proble m????

Chad Hanson chanson at TrustedCS.com
Wed Mar 15 14:48:11 UTC 2006 

I think these are pretty good as well. One thing that usually comes up is
password management (/etc/shadow),  I would suggest secadm for password and
aging changes and sysadm for account creation/deletion (/etc/passwd)....

Thoughts... Comments...

-Chad

> -----Original Message-----
> From: Klaus Weidner [mailto:klaus at atsec.com]
> Sent: Tuesday, March 14, 2006 6:31 PM
> To: Steve Grubb
> Cc: redhat-lspp at redhat.com; Daniel J Walsh
> Subject: Re: [redhat-lspp] Re: Separation between secadm and sysadm
> problem????
> 
> 
> On Tue, Mar 14, 2006 at 06:04:19PM -0500, Steve Grubb wrote:
> > On Tuesday 14 March 2006 17:35, Klaus Weidner wrote:
> > > It's ok, LSPP and RBAC still assume trustworthy admins. 
> There should be
> > > some reasonable audit records about these actions though, 
> and as you say
> > > the documentation should point out the enforcement limitations.
> > 
> > I guess we are wondering about how to split up the access. 
> Is there any 
> > guidance on that or just do whatever 'cause it doesn't 
> matter? How things get 
> > split up will affect the documented procedures.
> 
> The goal should be a split that's as clean as possible 
> assuming that the
> admins stick to the rules required for the evaluated config. 
> Among other
> things, those rules will include not installing new RPM packages for
> policy or other security critical components.
> 
> I would suggest the following, but I haven't thought much about the
> implementation consequences.
> 
> secadm:
> 
> - file relabeling, including MAC overrides (upgrading and downgrading)
> 
> - manage MLS properties of existing OS users (essentially anything
>   involving semanage)
> 
> - low-level SELinux operations (policy load, setenforce, anything that
>   writes in /selinux ?)
> 
> audadm (could be collapsed with secadm as it is now, but I 
> think it would
> make sense to split this if that's feasible):
> 
> - configure audit rules
> 
> - control auditd, modify auditd config
> 
> - read, rotate, and delete audit logs
> 
> sysadm:
> 
> - everything else traditionally done by "root", including RPM package
>   management, and managing OS users (/etc/passwd and so on)
> 
> Please speak up if you want a separate audadm and what your 
> expectations
> for roles are, I don't really have strong opinions about this 
> and RBAC is
> too vague to offer specific guidance.
> 
> -Klaus
> 
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
>

More information about the redhat-lspp mailing list