From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: User Account Lifecycle Auditing Specification
Date: Mon, 15 Sep 2014 20:12:52 -0400 [thread overview]
Message-ID: <4213951.tvPjimXcSz@x2> (raw)
In-Reply-To: <2D672B81-6F01-4AC0-B400-1987FE058E49@gmail.com>
On Monday, September 15, 2014 07:25:16 PM Josh wrote:
> On Sep 15, 2014, at 5:21 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> > Recently I run across a problem where the events being sent by a program
> > that enrolls users and groups was found to be not sending the right
> > events. Some of the events were correct, some were wrong. In wanting to
> > correct this problem (and write verification suites later) I thought it
> > might be nice to have some specifications written up so that there is a
> > common understanding that may be referred to. This will allow correction
> > of misbehaving programs and people to better understand what this handful
> > of events mean in a larger context.
> >
> > The document was added to the audit project page. A direct link can be
> > found here:
> >
> > http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt
> >
> > I would appreciate feedback and/or comments. I will also try to write up a
> > couple other areas that need some clarification in the near future.
>
> Thanks for putting this together!
>
> “The creation of a group mapping by adding a line to /etc/group should
> results in the creation of an AUDIT_ADD_GROUP event.” sounds weird. Perhaps
> you mean "The creation of a group mapping by adding a line to /etc/group
> should result in the creation of an AUDIT_ADD_GROUP event.”
Fixed
> "This will also allow for test suites to be created to spot problems with
> thsi common understanding of how the system should behave so that apps are
> corrected.” has a typo. Should be "This will also allow for test suites to
> be created to spot problems with this common understanding of how the
> system should behave so that apps are corrected.”
And fixed. Thanks for the comments. I typically massage text like this a couple
weeks before going public. But in this case, I have to fix the offending
software immediately and need to get this out. I will be updating the file over
the next day or two to smooth the explanations as I forget what I meant. :-)
-Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
prev parent reply other threads:[~2014-09-16 0:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-15 21:21 User Account Lifecycle Auditing Specification Steve Grubb
2014-09-15 23:25 ` Josh
2014-09-16 0:12 ` Steve Grubb [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4213951.tvPjimXcSz@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.