On Thursday, July 21, 2016 11:48:04 AM EDT Ondrej Moris wrote: > Hi, I noticed that in 2.6.5 /var/log/audit permission were dropped from > 750 to 600.
The directory should be 0750 or 0700 depending on your config. 0600 would be a mistake. > I am fine with that but while I see the motivation [1], I > just cannot find where is that happening in the code. https://fedorahosted.org/audit/browser/trunk/src/auditd-event.c#L886 > Besides, specfile > still contains: > > %attr(750,root,root) %dir %{_var}/log/audit Maybe I should take the attr away or modify it to (-,root,-). The group can change. For example, I have wheel allowed to run audit reports on my system. > and hence 'rpm -V audit' obviously fails. Yeah. Hmm. -Steve > [1] > http://post-office.corp.redhat.com/archives/tech-list/2016-May/msg00468.html > > -- > Ondrej > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
