Daniel J Walsh wrote:
Michael C Thompson wrote:
Daniel J Walsh wrote:
Michael C Thompson wrote:
auditadm_r seems very clearly defined, is anything missing?
I take it that my description of auditadm is pretty solid then, I'm
constructing an entry for the fedora wiki containing the information
we've gleaned from this thread. I'll post it shortly and update
accordingly.
Yes looks good. Now if we can just get /etc/auditd/ created :^)
I've been doing some testing, and have discovered the following factoids:
ausearch & aureport - can be executed by sysadm and secadm, desirable?
(secadm_r @ SystemHigh can successfully parse the log file)
Currently, sysadm_r can't view auditd.conf or audit.rules, which as per
the call, I believe was to be desired... I know we don't have
/etc/auditd/, so this is mostly FYI.
auditadm is unable to affect the running state of the audit daemon
through either /etc/init.d/auditd, service auditd or run_init [one of
the previous two]. On the call it was said auditadm should be able to do
this.
Otherwise, auditadm's privilages and the other roles trying to mimic
them seem to be working as intended.
Thanks,
Mike
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
