From mboxrd@z Thu Jan  1 00:00:00 1970
From: LC Bruzenak <lenny@magitekltd.com>
Subject: Re: [PATCH 7/7] audit: audit feature to set loginuid immutable
Date: Tue, 09 Jul 2013 18:51:43 -0500
Message-ID: <51DCA20F.6020309@magitekltd.com>
References: <1369411910-13777-1-git-send-email-eparis@redhat.com>
	<7631599.bE25jHDhjZ@x2>
	<1373319151.2395.30.camel@dhcp137-13.rdu.redhat.com>
	<1453848.WlUzMfBVNC@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx11.extmail.prod.ext.phx2.redhat.com
	[10.5.110.16])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id r69Npkoh006734
	for <linux-audit@redhat.com>; Tue, 9 Jul 2013 19:51:46 -0400
Received: from mail-ob0-f176.google.com (mail-ob0-f176.google.com
	[209.85.214.176])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r69Npi6C026335
	for <linux-audit@redhat.com>; Tue, 9 Jul 2013 19:51:45 -0400
Received: by mail-ob0-f176.google.com with SMTP id v19so7735274obq.35
	for <linux-audit@redhat.com>; Tue, 09 Jul 2013 16:51:44 -0700 (PDT)
Received: from [192.168.31.11] (108-252-2-157.lightspeed.austtx.sbcglobal.net.
	[108.252.2.157])
	by mx.google.com with ESMTPSA id qa4sm41573523oeb.5.2013.07.09.16.51.43
	for <linux-audit@redhat.com>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Tue, 09 Jul 2013 16:51:43 -0700 (PDT)
In-Reply-To: <1453848.WlUzMfBVNC@x2>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 07/09/2013 05:24 PM, Steve Grubb wrote

...
I don't think anyone has plans to write those tools at the moment. That would 
be ideal. But even in the case where audit rules don't get loaded, there are 
audit events generated by the MAC systems and some hard coded kernel events 
and user space events. It would be nice to know they are not tampered with.
...


Question - from the title I had thought this was a good thing. But wasn't loginuid (and subsequently auid) already immutable?
Sorry; just not certain what this change does for the average guy...

Thx,
LCB

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com