Le Mon, 17 Aug 2015 11:21:45 +0200, intrigeri <[email protected]> a écrit :
> Hi, > > Laurent Bigonville wrote (17 Aug 2015 08:58:52 GMT) : > > Le Mon, 17 Aug 2015 10:37:00 +0200, > > intrigeri <[email protected]> a écrit : > > Sorry for not replying earlier. > > No problem, thanks for replying. > > > The problem might be IIRC that the auditd daemon itself check the > > mode/owner/group of the files on disk before starting. I do not > > remembrer all the details though. > > Sorry, I should have been clearer. I've tested that this combination > works just fine on current sid: > > * log_group = adm > * dpkg-statoverride --update --add root adm 750 audit Oh OK, interesting. > > > We need the check that by changing this we are not loosing some > > kind of US gouvernement certifications if we really care about this > > (auditd daemon follows some gouvernement > > recommendations/certification). > > Is there any practical value in complying to such recommendations in > a single package, as long as the underlying base OS does not? (I > suspect not, but that's a genuine question, not a rhetorical one: > I have actually no idea how these things work, nor whether we have any > Debian users who care about that.) I'm not too sure either to be honest. > > > Maybe you could ask on the [email protected] mailing list? > > Yes, I can do that if needed, once we've clarified whether that's > a goal worth pursuing (otherwise there's no point). I've no strong feeling about this. But I would be interested to see if upstream has something to say about this. Cheers, Laurent Bigonville > Cheers,
