From: Steve Grubb <sgrubb@redhat.com>
To: Lubomir Rintel <lkundrak@v3.sk>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH audit] reconfigure: Apply log_group change
Date: Fri, 25 Jul 2014 09:27:30 -0400
Message-ID: <2220736.RIJvHNllH8@x2>
In-Reply-To: <1406289544-24829-1-git-send-email-lkundrak@v3.sk>

Hello Lubomir,

Thanks for the patch...but I think that why this is not currently addressed in 
the code is something like this. Let's assume the system has 5 audit logs with 
600 root.

If an admin decides to allow a group to read the audit logs, they will have 
to:

1) create the group
2) add users to the group
3) change the auditd.conf file
4) chgrp -R group /var/log/audit
5) chmod 0750 /var/log/audit
6) chmod 0640 /var/log/audit/*
7) restart the audit daemon

What this patch does is part of steps 4 and 6. It would change audit.log to be 
readable, but would leave audit.log.1 -> audit.log.4 untouched. Because 
allowing a group requires so many steps, it's always been left as an admin 
exercise...just like revoking group access would.

-Steve


On Friday, July 25, 2014 01:59:04 PM Lubomir Rintel wrote:
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1118313
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1118262
> ---
>  src/auditd-event.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/src/auditd-event.c b/src/auditd-event.c
> index 4fa266e..66dff34 100644
> --- a/src/auditd-event.c
> +++ b/src/auditd-event.c
> @@ -1130,6 +1130,12 @@ static void reconfigure(struct auditd_consumer_data
> *data) // log format
>  	oconf->log_format = nconf->log_format;
> 
> +	// log group
> +	if (oconf->log_group != nconf->log_group) {
> +		oconf->log_group = nconf->log_group;
> +		need_reopen = 1;
> +	}
> +
>  	// action_mail_acct
>  	if (strcmp(oconf->action_mail_acct, nconf->action_mail_acct)) {
>  		free((void *)oconf->action_mail_acct);
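
Review bot: In the added `// log group` block, the only effect of a changed `log_group` is `need_reopen = 1`, so at most the file that gets reopened can pick up the new group; nothing in the hunk adjusts the log directory or the already rotated files, which would leave them with the old group and mode after a reconfigure. Consider either applying the group and mode change to every existing log (and the directory) at this point, or documenting beside `need_reopen = 1;` that a `log_group` change on reconfigure covers the active log only and the rest remains an administrator step.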
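
A read-only check for the end state of steps 4 to 6 in the message above, added here as an example and not taken from the audit package: it reports every path in the log directory that does not yet have the target group and mode, which is what a partially applied change leaves behind. The function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not auditd code). Function names are hypothetical.
# Verifies the state that steps 4-6 of the message produce for a log group:
# directory 0750, every log file 0640, all owned by the same group.

# check_one PATH MODE GROUP -> 0 if PATH has exactly MODE (as printed by
# GNU stat %a) and its group matches GROUP by name or by numeric gid.
check_one() {
    info=$(stat -c '%a %G %g' -- "$1") || return 1
    mode=${info%% *}; rest=${info#* }
    gname=${rest% *}; gid=${rest##* }
    if [ "$mode" != "$2" ] || { [ "$gname" != "$3" ] && [ "$gid" != "$3" ]; }; then
        echo "MISMATCH $1: mode=$mode group=$gname($gid), want mode=$2 group=$3"
        return 1
    fi
}

# check_audit_log_perms DIR GROUP -> 0 consistent, 1 mismatch, 2 bad DIR.
# Prints one line per path that is not in the target state, so a change
# that reached audit.log but not audit.log.1 .. audit.log.N is visible.
check_audit_log_perms() {
    dir=$1; group=$2; bad=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    check_one "$dir" 750 "$group" || bad=1      # step 5: chmod 0750 DIR
    for f in "$dir"/*; do                        # steps 4 and 6: DIR/*
        [ -f "$f" ] || continue                  # skip an unmatched glob
        check_one "$f" 640 "$group" || bad=1
    done
    return "$bad"
}

# Usage (paths and group are the ones named in the message):
#   check_audit_log_perms /var/log/audit group
```

The script only reads metadata, so it can run before and after the restart in step 7 to confirm nothing was left behind.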
