[redhat-lspp] Re: Separation between secadm and sysadm problem????
Chad Hanson
chanson at TrustedCS.com
Wed Mar 15 14:48:11 UTC 2006
I think these are pretty good as well. One thing that usually comes up is
password management (/etc/shadow); I would suggest secadm for password and
aging changes and sysadm for account creation/deletion (/etc/passwd)....
Thoughts... Comments...
-Chad
> -----Original Message-----
> From: Klaus Weidner [mailto:klaus at atsec.com]
> Sent: Tuesday, March 14, 2006 6:31 PM
> To: Steve Grubb
> Cc: redhat-lspp at redhat.com; Daniel J Walsh
> Subject: Re: [redhat-lspp] Re: Separation between secadm and sysadm
> problem????
>
>
> On Tue, Mar 14, 2006 at 06:04:19PM -0500, Steve Grubb wrote:
> > On Tuesday 14 March 2006 17:35, Klaus Weidner wrote:
> > > It's ok, LSPP and RBAC still assume trustworthy admins. There should be
> > > some reasonable audit records about these actions though, and as you say
> > > the documentation should point out the enforcement limitations.
> >
> > I guess we are wondering about how to split up the access. Is there any
> > guidance on that or just do whatever 'cause it doesn't matter? How things get
> > split up will affect the documented procedures.
>
> The goal should be a split that's as clean as possible assuming that the
> admins stick to the rules required for the evaluated config. Among other
> things, those rules will include not installing new RPM packages for
> policy or other security critical components.
>
> I would suggest the following, but I haven't thought much about the
> implementation consequences.
>
> secadm:
>
> - file relabeling, including MAC overrides (upgrading and downgrading)
>
> - manage MLS properties of existing OS users (essentially anything
> involving semanage)
>
> - low-level SELinux operations (policy load, setenforce, anything that
> writes in /selinux ?)
>
> audadm (could be collapsed with secadm as it is now, but I think it would
> make sense to split this if that's feasible):
>
> - configure audit rules
>
> - control auditd, modify auditd config
>
> - read, rotate, and delete audit logs
>
> sysadm:
>
> - everything else traditionally done by "root", including RPM package
> management, and managing OS users (/etc/passwd and so on)
>
> Please speak up if you want a separate audadm and what your expectations
> for roles are; I don't really have strong opinions about this and RBAC is
> too vague to offer specific guidance.
>
> -Klaus
>
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
>