List: pkg-shadow-devel
Subject: Re: [Pkg-shadow-devel] audit newgrp
From: Karel Zak <kzak () redhat ! com>
Date: 2008-02-15 1:31:17
Message-ID: 20080215013117.GK14641 () ws ! dvoda ! cz
On Thu, Feb 14, 2008 at 08:08:29PM +0100, Nicolas François wrote:
> Hi,
>
> On Wed, Feb 13, 2008 at 03:02:56PM +0100, pvrabec@redhat.com wrote:
> >
> > could you commit this patch please. It makes newgrp use the correct audit
> > event. Patch from sgrubb@redhat.com
>
> Thanks, it's committed.
> With only minor reformatting.
>
> By the way, newusers does not have audit support.
>
> I'm also surprised by the audit events used in other tools.
> I would have expected useradd to use AUDIT_ADD_USER and userdel to use
> AUDIT_DEL_USER, but they are both using AUDIT_USER_CHAUTHTOK.
>
> Maybe the usage of audit in shadow should be audited.
>
> I'm not used to libaudit at all. Is there a developer manual which
There are man pages, but AUDIT_* messages are explained in
libaudit.h. A short overview:

/* Audit message types:
 * 1000 - 1099 are for commanding the audit system
 * 1100 - 1199 user space trusted application messages
 * 1200 - 1299 messages internal to the audit daemon
 * 1300 - 1399 audit event messages
 * 1400 - 1499 kernel SE Linux use
 * 1500 - 1599 AppArmor events
 * 1600 - 1699 kernel crypto events
 * 1700 - 1799 kernel anomaly records
 * 1800 - 1999 future kernel use (maybe integrity labels and related events)
 * 2001 - 2099 unused (kernel)
 * 2100 - 2199 user space anomaly records
 * 2200 - 2299 user space actions taken in response to anomalies
 * 2300 - 2399 user space generated LSPP events
 * 2400 - 2499 user space crypto events
 * 2500 - 2999 future user space (maybe integrity labels and related events)
 */

Karel
--
Karel Zak <kzak@redhat.com>
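
Added example, not part of the original message and not code from shadow or libaudit: a small review script that scans audit log records and reports useradd/userdel records whose type differs from the one expected in the thread (AUDIT_ADD_USER / AUDIT_DEL_USER). The log lines are constructed samples, and the numeric values are the libaudit.h definitions of the named message types.

```python
import re

# Subset of the ranges from the libaudit.h overview quoted in the message.
RANGES = [
    (1000, 1099, "commanding the audit system"),
    (1100, 1199, "user space trusted application messages"),
    (1300, 1399, "audit event messages"),
    (2100, 2199, "user space anomaly records"),
]
# Message type values as defined in libaudit.h (only the ones used here).
TYPES = {"USER_CHAUTHTOK": 1108, "ADD_USER": 1114, "DEL_USER": 1115}
# Expectation stated in the thread, not a rule taken from libaudit itself.
EXPECTED = {"useradd": "ADD_USER", "userdel": "DEL_USER"}
RECORD = re.compile(r'^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):.*?exe="([^"]+)"')

# Constructed sample records (not captured from a real system).
SAMPLE = """\
type=USER_CHAUTHTOK msg=audit(1203000000.101:41): user pid=2101 uid=0 auid=500 msg='op=adding user acct="alice" exe="/usr/sbin/useradd" res=success'
type=USER_CHAUTHTOK msg=audit(1203000060.202:42): user pid=2140 uid=0 auid=500 msg='op=deleting user acct="bob" exe="/usr/sbin/userdel" res=success'
type=ADD_USER msg=audit(1203000120.303:43): user pid=2177 uid=0 auid=500 msg='op=adding user acct="carol" exe="/usr/sbin/useradd" res=success'
type=USER_CHAUTHTOK msg=audit(1203000180.404:44): user pid=2190 uid=0 auid=500 msg='op=change password acct="alice" exe="/usr/bin/passwd" res=success'
""".splitlines()

def type_range(num):
    """Map a numeric audit message type to its range description."""
    for lo, hi, label in RANGES:
        if lo <= num <= hi:
            return label
    return "unknown"

def review(lines):
    """Return (serial, tool, seen_type, expected_type) for mismatched records."""
    findings = []
    for line in lines:
        m = RECORD.match(line)
        if not m:
            continue  # not a record carrying an exe= field
        rtype, serial, exe = m.groups()
        tool = exe.rsplit("/", 1)[-1]
        want = EXPECTED.get(tool)
        if want and rtype != want:
            findings.append((int(serial), tool, rtype, want))
    return findings

if __name__ == "__main__":
    for serial, tool, seen, want in review(SAMPLE):
        print(f"event {serial}: {tool} logged {seen} ({TYPES[seen]}, {type_range(TYPES[seen])}); expected {want} ({TYPES[want]})")
```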