All of lore.kernel.org
 help / color / mirror / Atom feed
* User Account Lifecycle Auditing Specification
@ 2014-09-15 21:21 Steve Grubb
  2014-09-15 23:25 ` Josh
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2014-09-15 21:21 UTC (permalink / raw)
  To: linux-audit

Hello,

Recently I run across a problem where the events being sent by a program that 
enrolls users and groups was found to be not sending the right events. Some of 
the events were correct, some were wrong. In wanting to correct this problem 
(and write verification suites later) I thought it might be nice to have some 
specifications written up so that there is a common understanding that may be 
referred to. This will allow correction of misbehaving programs and people to 
better understand what this handful of events mean in a larger context.

The document was added to the audit project page. A direct link can be found 
here:

http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt

I would appreciate feedback and/or comments. I will also try to write up a 
couple other areas that need some clarification in the near future.

-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: User Account Lifecycle Auditing Specification
  2014-09-15 21:21 User Account Lifecycle Auditing Specification Steve Grubb
@ 2014-09-15 23:25 ` Josh
  2014-09-16  0:12   ` Steve Grubb
  0 siblings, 1 reply; 3+ messages in thread
From: Josh @ 2014-09-15 23:25 UTC (permalink / raw)
  To: linux-audit

On Sep 15, 2014, at 5:21 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> 
> Hello,
> 
> Recently I run across a problem where the events being sent by a program that 
> enrolls users and groups was found to be not sending the right events. Some of 
> the events were correct, some were wrong. In wanting to correct this problem 
> (and write verification suites later) I thought it might be nice to have some 
> specifications written up so that there is a common understanding that may be 
> referred to. This will allow correction of misbehaving programs and people to 
> better understand what this handful of events mean in a larger context.
> 
> The document was added to the audit project page. A direct link can be found 
> here:
> 
> http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt
> 
> I would appreciate feedback and/or comments. I will also try to write up a 
> couple other areas that need some clarification in the near future.
> 
> -Steve

Thanks for putting this together!

“The creation of a group mapping by adding a line to /etc/group should results in the creation of an AUDIT_ADD_GROUP event.” sounds weird. Perhaps you mean "The creation of a group mapping by adding a line to /etc/group should result in the creation of an AUDIT_ADD_GROUP event.”

"This will also allow for test suites to be created to spot problems with thsi common understanding of how the system should behave so that apps are corrected.” has a typo. Should be "This will also allow for test suites to be created to spot problems with this common understanding of how the system should behave so that apps are corrected.”

Thanks,
-josh

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: User Account Lifecycle Auditing Specification
  2014-09-15 23:25 ` Josh
@ 2014-09-16  0:12   ` Steve Grubb
  0 siblings, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2014-09-16  0:12 UTC (permalink / raw)
  To: linux-audit

On Monday, September 15, 2014 07:25:16 PM Josh wrote:
> On Sep 15, 2014, at 5:21 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> > Recently I run across a problem where the events being sent by a program
> > that enrolls users and groups was found to be not sending the right
> > events. Some of the events were correct, some were wrong. In wanting to
> > correct this problem (and write verification suites later) I thought it
> > might be nice to have some specifications written up so that there is a
> > common understanding that may be referred to. This will allow correction
> > of misbehaving programs and people to better understand what this handful
> > of events mean in a larger context.
> > 
> > The document was added to the audit project page. A direct link can be
> > found here:
> > 
> > http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt
> > 
> > I would appreciate feedback and/or comments. I will also try to write up a
> > couple other areas that need some clarification in the near future.
> 
> Thanks for putting this together!
> 
> “The creation of a group mapping by adding a line to /etc/group should
> results in the creation of an AUDIT_ADD_GROUP event.” sounds weird. Perhaps
> you mean "The creation of a group mapping by adding a line to /etc/group
> should result in the creation of an AUDIT_ADD_GROUP event.”

Fixed

> "This will also allow for test suites to be created to spot problems with
> thsi common understanding of how the system should behave so that apps are
> corrected.” has a typo. Should be "This will also allow for test suites to
> be created to spot problems with this common understanding of how the
> system should behave so that apps are corrected.”

And fixed. Thanks for the comments. I typically massage text like this a couple 
weeks before going public. But in this case, I have to fix the offending 
software immediately and need to get this out. I will be updating the file over 
the next day or two to smooth the explanations as I forget what I meant. :-)

-Steve


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-09-16  0:12 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-15 21:21 User Account Lifecycle Auditing Specification Steve Grubb
2014-09-15 23:25 ` Josh
2014-09-16  0:12   ` Steve Grubb

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.