hi,
Here there is a question ,and please help me .
my work is that when user input "getfacl" or "setfacl", whatever success
or failed,
the process of auditd can log this operation and the operation type is
AUDIT_DAC_CHECHK that is defined in libaudit.h .
In order to reach the destination ,i modified the codes in the packets of
acl-2.2.39 and audit-1.7.7 .
Firstly ,i added the function audit_log_acct_message() in the file of
getfacl.c and setfacl.c in the audited place and
the function audit_log_acct_message() is in file audit_logging.c of the
audit-1.7.7.
Secondly, i make the the project of acl and the result is ok .And i run
the object file of getfacl.
When the user is root,the audit message of getfacl operation can be logged.But
when the user is normal user,the audit message cann't
be logged. The VAR "errno" value is "Operation not permitted".when i execute
the command "chmod u+s getfacl" as root. and then
the audit message of getfacl operation can be logged au normal user.
how i can reslove the problem that when normal user and normal authority
execute the command "getfacl" ,the audit system still can log the
operation?????
thank you very much. i am looking forward to your reply!!!
tianyong --
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
