> > Note the plugin configuration is sensitive and should be readable only for
> > solaris.audit.config authorization.
>
> I disagree with that statement. You are effectively moving
> audit_control(4) data into SMF. In snv_56 bug 6494262 was fixed, which
> made audit_control a world-readable file, where it was previously only
> root-readable. This change was done so that applications that need to see
> the audit configuration didn't need uid == 0 or file_dac_read. If the
> plugin configuration uses a sensitive property (i.e. those defined in
> PSARC/2007/177) and an authorisation is needed, you have effectively
> reverted the fix that 6494262 put in place - but it is now complex in a
> different way, because authorisations are given to users whereas in the
> previous case privileges were needed, which apply to processes.
That was my bad. In the mail I sent to Tomas, I outlined things with read_authorization. I don't recall what I was thinking of at the time. I recalled audit_startup still being private. I thought I later recanted that, but must not have done so.

However, the data suggested as being stored in protected property groups does not have to be world readable, and perhaps shouldn't be world readable. The reason for making audit_control world readable was to process the flags: and naflags: statements without needing to have special read access. The dir: and minfree: statements are obsolete and not coming forward. The plugin: statement may want to be protected. In audit_control it cannot be.

So there are a number of parts to the whole audit conversion to SMF properties: converting audit_startup -- all of which could be private; converting audit_control -- see above, parts of this could be private. Anyhow, I believe the audit policy flags and plugins could be private, as they've been up to snv_56, and the flags and naflags public, so that processes that audit can meet the principle of least privilege.

I believe Tomas' specific question came from my suggestion on how to handle plugins and allow for future plugins. After talking with various SMF iTeam members, and trying to get a grasp on things, I proposed 4 plugins (ignore the remote and receive ones other than as examples). So now you have concrete examples of Tomas' question. Modulo not providing a value_authorization statement in the example, you'd want the admin to be able to enable/disable each plug-in independently; you'd want the admin to be able to specify values for the various attributes to configure the individual plug-ins.

Gary..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<property_group name='binfile' type='SUNW,audit_plugin'>
    <property name='audit_binfile.so' type='astring' override='true'/>
    <property name='attributes' type='astring' override='true'>
        <astring_list>
            <value_node value='p_minfree=20'/>
            <value_node value='p_dir=/var/audit,/var1/audit,/var2/audit'/>
        </astring_list>
    </property>
    <property name='enabled' type='boolean' override='true'>
        <boolean_list>
            <value_node value='true'/>
        </boolean_list>
    </property>
    <propval name='read_authorization' type='astring'
        value='solaris.audit.config' />
</property_group>

<property_group name='syslog' type='SUNW,audit_plugin'>
    <property name='audit_syslog.so' type='astring' override='true'/>
    <property name='attributes' type='astring' override='true'>
        <astring_list>
            <value_node value='p_flags=all'/>
        </astring_list>
    </property>
    <property name='enabled' type='boolean' override='true'>
        <boolean_list>
            <value_node value='false'/>
        </boolean_list>
    </property>
    <propval name='read_authorization' type='astring'
        value='solaris.audit.config' />
</property_group>

<property_group name='remote' type='SUNW,audit_plugin'>
    <property name='audit_remote.so' type='astring' override='true'/>
    <property name='attributes' type='astring' override='true'>
        <astring_list>
            <value_node value='p_hosts=audit-host1,audit-host2,audit-host3'/>
            <value_node value='p_retries=3'/>
            <value_node value='p_timeout=5'/>
        </astring_list>
    </property>
    <property name='enabled' type='boolean' override='true'>
        <boolean_list>
            <value_node value='false'/>
        </boolean_list>
    </property>
    <propval name='read_authorization' type='astring'
        value='solaris.audit.config' />
</property_group>

<property_group name='receive' type='SUNW,audit_plugin'>
    <property name='audit_receive.so' type='astring' override='true'/>
    <property name='attributes' type='astring' override='true'>
        <astring_list>
            <value_node value='p_minfree=20'/>
            <value_node value='p_dir=/var/audit,/var1/audit,/var2/audit'/>
            <value_node value='p_maxclient=5'/>
            <value_node value='p_port=audit'/>
        </astring_list>
    </property>
    <property name='enabled' type='boolean' override='true'>
        <boolean_list>
            <value_node value='false'/>
        </boolean_list>
    </property>
    <propval name='read_authorization' type='astring'
        value='solaris.audit.config' />
</property_group>

> --
> Darren J Moffat
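The script below is an added example and is not code from this thread, from Gary, or from the Solaris audit/SMF code base. It parses property groups shaped like the ones proposed above (type SUNW,audit_plugin, the shared-object name carried as a property name, a p_key=value attribute list, an enabled boolean, and a read_authorization propval) and reports which plugin groups are enabled and which lack a read_authorization, i.e. which plugin configuration would be world readable. The embedded manifest text is constructed for the example: the thread's fragment has no enclosing element, so a plain <root> wrapper (not an SMF element) is added purely so that it parses, and the syslog group deliberately omits read_authorization so the check has something to flag. The function names are this example's own.

```python
"""Parse SMF audit-plugin property groups and check their read protection."""
import xml.etree.ElementTree as ET

PLUGIN_TYPE = "SUNW,audit_plugin"

# Constructed sample, modelled on the property groups proposed in the thread.
# <root> is only a wrapper so the fragment parses; it is not an SMF element.
# The 'syslog' group omits read_authorization on purpose (see lead-in).
SAMPLE_MANIFEST = """<root>
<property_group name='binfile' type='SUNW,audit_plugin'>
  <property name='audit_binfile.so' type='astring' override='true'/>
  <property name='attributes' type='astring' override='true'>
    <astring_list>
      <value_node value='p_minfree=20'/>
      <value_node value='p_dir=/var/audit,/var1/audit,/var2/audit'/>
    </astring_list>
  </property>
  <property name='enabled' type='boolean' override='true'>
    <boolean_list><value_node value='true'/></boolean_list>
  </property>
  <propval name='read_authorization' type='astring' value='solaris.audit.config' />
</property_group>
<property_group name='syslog' type='SUNW,audit_plugin'>
  <property name='audit_syslog.so' type='astring' override='true'/>
  <property name='attributes' type='astring' override='true'>
    <astring_list><value_node value='p_flags=all'/></astring_list>
  </property>
  <property name='enabled' type='boolean' override='true'>
    <boolean_list><value_node value='false'/></boolean_list>
  </property>
</property_group>
</root>"""


def parse_audit_plugins(xml_text):
    """Return {group name: {module, attributes, enabled, read_authorization}}
    for every property_group of type SUNW,audit_plugin in xml_text."""
    root = ET.fromstring(xml_text)
    plugins = {}
    for pg in root.iter("property_group"):
        if pg.get("type") != PLUGIN_TYPE:
            continue
        info = {"module": None, "attributes": {}, "enabled": False,
                "read_authorization": None}
        for prop in pg.findall("property"):
            name = prop.get("name", "")
            if name.endswith(".so"):
                # In the proposed layout the shared object is the property name.
                info["module"] = name
            elif name == "attributes":
                # Each value_node carries one "p_key=value" string.
                for vn in prop.iter("value_node"):
                    key, _, val = vn.get("value", "").partition("=")
                    info["attributes"][key] = val
            elif name == "enabled":
                vn = prop.find("boolean_list/value_node")
                info["enabled"] = vn is not None and vn.get("value") == "true"
        for pv in pg.findall("propval"):
            if pv.get("name") == "read_authorization":
                info["read_authorization"] = pv.get("value")
        plugins[pg.get("name")] = info
    return plugins


def enabled_plugins(plugins):
    """Names of plugin groups whose 'enabled' property is true."""
    return sorted(n for n, p in plugins.items() if p["enabled"])


def unprotected_plugins(plugins):
    """Names of plugin groups with no read_authorization, i.e. readable by
    anyone who can read the service's properties."""
    return sorted(n for n, p in plugins.items()
                  if p["read_authorization"] is None)


if __name__ == "__main__":
    found = parse_audit_plugins(SAMPLE_MANIFEST)
    for name, p in found.items():
        print(f"{name}: module={p['module']} enabled={p['enabled']} "
              f"read_authorization={p['read_authorization']} "
              f"attributes={p['attributes']}")
    print("enabled:", enabled_plugins(found))
    print("unprotected:", unprotected_plugins(found))
```

The read_authorization check is the one to run against a whole manifest before importing it: a plugin group that omits it silently becomes public, which is exactly the regression the quoted reply argues about for audit_control.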