/etc/security/audit_warn -- where to log to by default?
fergus
fergus at cobbled.net
Wed Jan 26 10:53:20 GMT 2005
On 25.01-01:34, Robert Watson wrote:
[ ... ]
> The primary interesting downside would be on a system running MAC, where
> perhaps the integrity grade, confidentiality level, or domain/type of the
> audit data is different from that of the other log data, and would benefit
> from being stored in another directory to facilitate that, not to mention
> keeping the syslog daemon out of the loop (as syslogd talks to a lot of
> other processes directly, including many untrusted ones).
i need to look at this - the forever todo list - but i assume
we can write-up. when doing customer installs on pitbull we
just set the compartment of the syslog over all the applications
that need to log.
all the logs are then set above that
==
LOG    | log_a | log_b | log_c |
DAEMON | ----- syslogd ------- |
APP    | app_a | --- app_b --- |
==
the administrator obviously sits above that. then you don't
need any privilege or tricks. unless we have a privilege for
write_up ??? which is not too powerful a privilege to give
away anyway.
anyway, that's the way we did it.
--
: fergus cameron : [ .] cobbled :
: ^^^^^^@cobbled.net : [ ~][ ] .net :