Re: [redhat-lspp] device_allocator audit records

Thu, 11 May 2006 17:05:33 -0700 

Steve Grubb <[EMAIL PROTECTED]> wrote on 05/04/2006 12:07:32 PM:

> On Thursday 04 May 2006 14:51, Debora Velarde wrote:
> > Below are some sample audit records generated by device_allocator.
> 
> They are USER messages. I think they should have a different type than 
that. 
> 

Below are the message types that I am planning to change the 
device_allocator records to.
Unless you would prefer to put new message types specific to 
device_allocator inside libaudit.h.

// admin adds a user accessible device to the configuration file
# dev_allocator_config -a -n cdrom -f /dev/cdrom -c cdrom -m SystemLow -x 
SystemHigh
type=USER msg=audit(1146766083.884:9290): user pid=14757 uid=0 auid=0 
msg='devmgr: device="/dev/cdrom" 
context="system_u:object_r:unallocated_device_t:SystemLow", device 
initialized to unallocated state'
type=USER msg=audit(1146766083.884:9291): user pid=14757 uid=0 auid=0 
msg='devmgr: configuration file altered'
// New type to be changed to:
// #define AUDIT_USYS_CONFIG       1111    /* User space system config 
change */


// allocate device
$ dev_allocator -a /dev/cdrom
type=USER msg=audit(1146766179.402:9293): user pid=14766 uid=0 auid=501 
msg='devmgr: device="/dev/cdrom" 
context="system_u:object_r:removable_device_t:SystemLow", device 
allocated'
// New type to be changed to:
// #define AUDIT_CRED_ACQ          1103    /* User space credential 
acquired */


// unallocate the device
$ dev_allocator -u /dev/cdrom
type=USER msg=audit(1146513843.584:8139): user pid=27579 uid=0 auid=501 
msg='devmgr: device="/dev/cdrom" 
context="system_u:object_r:unallocated_device_t:SystemLow", device 
unallocated'
// New type to be changed to:
// #define AUDIT_CRED_DISP         1104    /* User space credential 
disposed */


// admin deletes the device from the configuration file
# dev_allocator_config -d -n cdrom -f /dev/cdrom
type=USER msg=audit(1146766993.245:9296): user pid=14829 uid=0 auid=0 
msg='devmgr: device="/dev/cdrom" 
context="system_u:object_r:removable_device_t:SystemLow", device released 
from management'
type=USER msg=audit(1146766993.249:9297): user pid=14829 uid=0 auid=0 
msg='devmgr: configuration file altered'
// New type to be changed to:
// #define AUDIT_USYS_CONFIG       1111    /* User space system config 
change */


--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp

Reply via email to