From: LC Bruzenak <lenny@magitekltd.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH 7/7] audit: audit feature to set loginuid immutable
Date: Tue, 09 Jul 2013 18:51:43 -0500 [thread overview]
Message-ID: <51DCA20F.6020309@magitekltd.com> (raw)
In-Reply-To: <1453848.WlUzMfBVNC@x2>
On 07/09/2013 05:24 PM, Steve Grubb wrote
...
I don't think anyone has plans to write those tools at the moment. That would
be ideal. But even in the case where audit rules don't get loaded, there are
audit events generated by the MAC systems and some hard coded kernel events
and user space events. It would be nice to know they are not tampered with.
...
Question - from the title I had thought this was a good thing. But wasn't loginuid (and subsequently auid) already immutable?
Sorry; just not certain what this change does for the average guy...
Thx,
LCB
--
LC (Lenny) Bruzenak
lenny@magitekltd.com
next prev parent reply other threads:[~2013-07-09 23:51 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-24 16:11 [PATCH 1/7] audit: implement generic feature setting and retrieving Eric Paris
2013-05-24 16:11 ` [PATCH 2/7] selinux: apply selinux checks on new audit message types Eric Paris
2013-05-24 16:11 ` [PATCH 3/7] audit: loginuid functions coding style Eric Paris
2013-05-24 16:11 ` [PATCH 4/7] audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE Eric Paris
2013-05-24 16:11 ` [PATCH 5/7] audit: allow unsetting the loginuid (with priv) Eric Paris
2013-05-24 16:11 ` [PATCH 6/7] audit: audit feature to only allow unsetting the loginuid Eric Paris
2013-05-24 16:11 ` [PATCH 7/7] audit: audit feature to set loginuid immutable Eric Paris
2013-07-08 20:34 ` Steve Grubb
2013-07-08 20:51 ` Eric Paris
2013-07-08 21:26 ` Steve Grubb
2013-07-08 21:32 ` Eric Paris
2013-07-09 22:24 ` Steve Grubb
2013-07-09 23:51 ` LC Bruzenak [this message]
2013-07-10 13:46 ` Steve Grubb
2013-07-10 14:32 ` LC Bruzenak
2013-07-10 18:16 ` Eric Paris
2013-07-10 18:51 ` LC Bruzenak
2013-07-10 19:02 ` LC Bruzenak
2013-07-10 19:09 ` Eric Paris
2013-05-24 16:28 ` [PATCH 1/7] audit: implement generic feature setting and retrieving Eric Paris
2013-05-24 20:41 ` William Roberts
2013-05-24 20:56 ` William Roberts
2013-05-30 17:20 ` Richard Guy Briggs
2013-07-08 20:28 ` Steve Grubb
2013-07-08 21:55 ` Eric Paris
2013-07-09 1:18 ` William Roberts
2013-07-09 18:30 ` Steve Grubb
2013-07-09 20:59 ` Eric Paris
2013-07-09 22:08 ` Steve Grubb
2013-11-02 7:26 ` Richard Guy Briggs
2013-11-02 14:44 ` Eric Paris
2014-08-22 21:58 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51DCA20F.6020309@magitekltd.com \
--to=lenny@magitekltd.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.