Debora Velarde wrote:
> With the new types added to audit, this is what the message types will be
> changed to:
>
> // admin adds a user accessible device to the configuration file
> # dev_allocator_config -a -n cdrom -f /dev/cdrom -c cdrom -m SystemLow -x
> SystemHigh
> type=USER msg=audit(1146766083.884:9290): user pid=14757 uid=0 auid=0
> msg='devmgr: device="/dev/cdrom"
> context="system_u:object_r:unallocated_device_t:SystemLow", device
> initialized to unallocated state'
> type=USER msg=audit(1146766083.884:9291): user pid=14757 uid=0 auid=0
> msg='devmgr: configuration file altered'
> // New type to be changed to:
> // #define AUDIT_USYS_CONFIG 1111 /* User space system config
> change */
>
> // allocate device
> $ dev_allocator -a /dev/cdrom
> type=USER msg=audit(1146766179.402:9293): user pid=14766 uid=0 auid=501
> msg='devmgr: device="/dev/cdrom"
> context="system_u:object_r:removable_device_t:SystemLow", device
> allocated'
> // New type to be changed to:
> // #define AUDIT_DEV_ALLOCATION 2307
>
> // unallocate the device
> $ dev_allocator -u /dev/cdrom
> type=USER msg=audit(1146513843.584:8139): user pid=27579 uid=0 auid=501
> msg='devmgr: device="/dev/cdrom"
> context="system_u:object_r:unallocated_device_t:SystemLow", device
> unallocated'
> // New type to be changed to:
>
>>#define AUDIT_DEV_DEALLOCATION 2308

If you change from USER message types to specific AUDIT_DEV_ALLOCATION and AUDIT_DEV_DEALLOCATION message types, do you still need the "device allocated" and "device deallocated" parts of the record? I suppose it doesn't hurt but now it seems a bit redundant.

>
> // admin deletes the device from the configuration file
> # dev_allocator_config -d -n cdrom -f /dev/cdrom
> type=USER msg=audit(1146766993.245:9296): user pid=14829 uid=0 auid=0
> msg='devmgr: device="/dev/cdrom"
> context="system_u:object_r:removable_device_t:SystemLow", device released
> from management'
> type=USER msg=audit(1146766993.249:9297): user pid=14829 uid=0 auid=0
> msg='devmgr: configuration file altered'
> // New type to be changed to:
> // #define AUDIT_USYS_CONFIG 1111 /* User space system config
> change */
>
> --
> redhat-lspp mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/redhat-lspp
