* AUDIT(C) - Group/Role addition, deletion modification
@ 2017-07-14 20:52 warron.french
2017-07-14 20:56 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: warron.french @ 2017-07-14 20:52 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 441 bytes --]
Same as AUDIT(B) only for roles and groups?
Simply put a watch rule on /etc/group and /etc/gshadow?
Is that really enough? Do I also monitor the executables for /bin/passwd,
/sbin/{groupadd, groupdel, groupmod, usermod}?
Usermod, because technically, you can affect memberships of a user with
this command and also useradd?
Is *that *suitable?
Is there an appropriate syscall for AUDIT(C)?
--------------------------
Warron French
[-- Attachment #1.2: Type: text/html, Size: 842 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: AUDIT(C) - Group/Role addition, deletion modification
2017-07-14 20:52 AUDIT(C) - Group/Role addition, deletion modification warron.french
@ 2017-07-14 20:56 ` Steve Grubb
2017-07-14 21:21 ` warron.french
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2017-07-14 20:56 UTC (permalink / raw)
To: linux-audit
On Friday, July 14, 2017 4:52:36 PM EDT warron.french wrote:
> Same as AUDIT(B) only for roles and groups?
Also hardwired. See the user account specification.
-Steve
> Simply put a watch rule on /etc/group and /etc/gshadow?
>
> Is that really enough? Do I also monitor the executables for /bin/passwd,
> /sbin/{groupadd, groupdel, groupmod, usermod}?
>
> Usermod, because technically, you can affect memberships of a user with
> this command and also useradd?
>
>
> Is *that *suitable?
>
> Is there an appropriate syscall for AUDIT(C)?
>
>
>
> --------------------------
> Warron French
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: AUDIT(C) - Group/Role addition, deletion modification
2017-07-14 20:56 ` Steve Grubb
@ 2017-07-14 21:21 ` warron.french
0 siblings, 0 replies; 3+ messages in thread
From: warron.french @ 2017-07-14 21:21 UTC (permalink / raw)
To: Steve Grubb; +Cc: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 784 bytes --]
Understood, thank you.
--------------------------
Warron French
On Fri, Jul 14, 2017 at 4:56 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> On Friday, July 14, 2017 4:52:36 PM EDT warron.french wrote:
> > Same as AUDIT(B) only for roles and groups?
>
> Also hardwired. See the user account specification.
>
> -Steve
>
> > Simply put a watch rule on /etc/group and /etc/gshadow?
> >
> > Is that really enough? Do I also monitor the executables for
> /bin/passwd,
> > /sbin/{groupadd, groupdel, groupmod, usermod}?
> >
> > Usermod, because technically, you can affect memberships of a user with
> > this command and also useradd?
> >
> >
> > Is *that *suitable?
> >
> > Is there an appropriate syscall for AUDIT(C)?
> >
> >
> >
> > --------------------------
> > Warron French
>
>
>
[-- Attachment #1.2: Type: text/html, Size: 1536 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-07-14 21:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-14 20:52 AUDIT(C) - Group/Role addition, deletion modification warron.french
2017-07-14 20:56 ` Steve Grubb
2017-07-14 21:21 ` warron.french
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox