/etc/security/audit_warn -- where to log to by default?

fergus fergus at cobbled.net
Wed Jan 26 10:53:20 GMT 2005


On 25.01-01:34, Robert Watson wrote:
[ ... ]
> The primary interesting downside would be on a system running MAC, where
> perhaps the integrity grade, confidentiality level, or domain/type of the
> audit data is different from that of the other log data, and would benefit
> from being stored in another directory to facilitate that, not to mention
> keeping the syslog daemon out of the loop (as syslogd talks to a lot of
> other processes directly, including many untrusted ones).

i need to look at this - the forever todo list - but i assume
we can write-up.  when doing customer installs on pitbull we
just set the compartment of the syslog over all the applications
that need to log.

all the logs are then set above that 

==

LOG        | log_a | log_b | log_c |

DAEMON     | ----- syslogd ------- |

APP        | app_a | --- app_b --- |

==

the administrator obviously sits above that.  then you don't
need any privilege or tricks.  unless we have a privilege for
write_up ???  which is not too powerful a privilege to give
away anyway.

anyway, that's the way we did it.

-- 
: fergus cameron                :   [ .]        cobbled    :
: ^^^^^^@cobbled.net            : [ ~][ ]             .net :

More information about the trustedbsd-discuss mailing list