Steve Grubb wrote:
On Wednesday 13 December 2006 11:00, Karl MacMillan wrote:
Is there a reason that the audit tools that take a file name paramater
(-if) are not executable by non-root users?
Current tools do not.
[EMAIL PROTECTED] ~]# ls -l /sbin/au*
-rwxr-x--- 1 root root 3080 Dec 1 11:37 /sbin/audispd*
-rwxr-x--- 1 root root 88216 Dec 1 11:37 /sbin/auditctl*
-rwxr-x--- 1 root root 96068 Dec 1 11:37 /sbin/auditd*
-rwxr-x--- 1 root root 102864 Dec 1 11:37 /sbin/aureport*
-rwxr-x--- 1 root root 115420 Dec 1 11:37 /sbin/ausearch*
-rwxr-x--- 1 root root 68816 Dec 1 11:37 /sbin/autrace*
[EMAIL PROTECTED] ~]# rpm -qa | grep audit
audit-libs-1.3-3.fc7
audit-1.3-3.fc7
audit-libs-python-1.3-3.fc7
audit-libs-devel-1.3-3.fc7
It's not the code, but rather the default permissions on the
executables. So this might just be a packaging problem.
Thanks - Karl
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
