Klaus Weidner wrote:
> On Fri, Apr 28, 2006 at 05:45:05PM -0400, Daniel J Walsh wrote:
> > Michael C Thompson wrote:
> > > I just checked, and with policy selinux-policy-mls-2.2.35-2, sysadm_r
> > > and secadm_r can modify /etc/auditd.conf, /etc/audit.rules,
> > > /etc/init.d/auditd can read and write these files.
> > secadm should not be able to edit auditd.conf or audit.rules. That is a
> > bug. I do not know about sysadm.
> We can't expect a totally robust split between sysadm and audadm, and
> LSPP/RBAC still assume a trustworthy admin.

Understandable; I think the role of auditadm is pretty clear (affecting
audit changes, and that's it). It seems that sysadm is the overall admin
role, so does the following diagram make sense?

      ------------- sysadm -----------
      -- auditadm --       -- secadm --

auditadm and secadm have some unique capabilities, but share
functionality with sysadm, but from what I can tell, not with each other.
What are the capabilities of secadm? Changing security contexts of
files, etc.? Anything else?

> I think the most important
> part is that sysadm should be prevented from using auditctl to modify
> rules, and from stopping/restarting auditd, which would ensure that the
> sysadm can't change the audit config without restarting the entire
> system.

I would agree, I need to know what the approach will be so I can test
though.
Mike
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
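The thread asks for a way to test whether a given policy build actually enforces the split it describes: secadm must not be able to edit auditd.conf or audit.rules, and sysadm must not be able to run auditctl or stop/restart auditd. The script below is an added example, not code from the thread or from the selinux-policy package; it parses allow rules in the form `sesearch -A` prints them and flags the grants that would break that separation. The rule lines in `SAMPLE_RULES` are constructed, and the type names (`auditd_etc_t`, `auditctl_exec_t`, `auditd_initrc_exec_t`, `auditd_t`) are assumptions that follow reference-policy naming and should be checked against the policy actually installed.

```python
"""Check a dump of SELinux allow rules against the audit/role separation
discussed in the thread: secadm must not edit the audit configuration,
and sysadm must not run auditctl or stop/restart auditd.

Added example, not code from the thread or from the selinux-policy
package.  SAMPLE_RULES is constructed to look like `sesearch -A` output;
the type names below are assumptions (reference-policy naming scheme).
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Matches both `allow a b:file { r w };` and `allow a b : file r ;` spellings.
RULE_RE = re.compile(
    r"^\s*allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+)\s*:\s*(?P<cls>\w+)\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<perm>\w+))\s*;?"
)

# Role domain -> (target type, object class, permissions that break the split).
# Type names are assumptions, not taken from the thread.
FORBIDDEN: Dict[str, List[Tuple[str, str, FrozenSet[str]]]] = {
    # secadm editing /etc/auditd.conf or /etc/audit.rules (thread: "a bug")
    "secadm_t": [
        ("auditd_etc_t", "file",
         frozenset({"write", "append", "create", "unlink", "rename"})),
    ],
    # sysadm changing rules via auditctl, or stopping/restarting auditd
    "sysadm_t": [
        ("auditctl_exec_t", "file", frozenset({"execute", "execute_no_trans"})),
        ("auditd_initrc_exec_t", "file", frozenset({"execute", "execute_no_trans"})),
        ("auditd_t", "process", frozenset({"signal", "sigkill", "sigstop"})),
    ],
}


@dataclass(frozen=True)
class AllowRule:
    source: str
    target: str
    tclass: str
    perms: FrozenSet[str]


def parse_allow_rules(text: str) -> List[AllowRule]:
    """Parse allow rules from sesearch-style text; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        if m.group("perms") is not None:
            perms = frozenset(m.group("perms").split())
        else:
            perms = frozenset({m.group("perm")})
        rules.append(AllowRule(m.group("src"), m.group("tgt"), m.group("cls"), perms))
    return rules


def find_violations(rules: List[AllowRule]) -> List[Tuple[str, str, str, Tuple[str, ...]]]:
    """Return (source, target, class, offending perms) for every rule that
    grants a role something the separation says it must not have."""
    violations = []
    for rule in rules:
        for target, tclass, bad in FORBIDDEN.get(rule.source, []):
            if rule.target == target and rule.tclass == tclass:
                hit = rule.perms & bad
                if hit:
                    violations.append((rule.source, rule.target, rule.tclass,
                                       tuple(sorted(hit))))
    return violations


# Constructed sample of a deliberately flawed policy dump (not real output).
SAMPLE_RULES = """\
allow secadm_t auditd_etc_t:file { read write getattr open };
allow sysadm_t auditd_etc_t:file { read getattr open };
allow auditadm_t auditd_etc_t:file { read write create unlink getattr open };
allow sysadm_t auditctl_exec_t:file { execute execute_no_trans read open };
allow auditadm_t auditctl_exec_t:file { execute execute_no_trans read open };
allow sysadm_t auditd_t : process signal ;
allow auditadm_t auditd_initrc_exec_t:file { execute read open };
"""


def check_sample() -> List[Tuple[str, str, str, Tuple[str, ...]]]:
    """Run the separation check over the constructed sample."""
    return find_violations(parse_allow_rules(SAMPLE_RULES))


if __name__ == "__main__":
    # On a live system, feed in the output of e.g.
    #   sesearch -A -s secadm_t    and    sesearch -A -s sysadm_t
    for src, tgt, cls, perms in check_sample():
        print(f"{src} may {' '.join(perms)} {tgt}:{cls} -- violates separation")
```

Note that sysadm writing the audit config files is deliberately not flagged: Klaus's point is that sysadm may be allowed to edit the files as long as it cannot load rules with auditctl or restart auditd, so the change cannot take effect without a full system restart. Only auditadm is expected to hold those grants.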