I was playing around with the SELinux aware aide, and it seems that although it is able to notice a difference in MLS/MCS context changes it does not report those changes.
You will still get an audit event that there was a modified file, but the report output says this: -------------------------------------------------- Detailed information about changes: --------------------------------------------------- File: /usr/local/eal4_testing/audit-test/trustedprograms/aide-testfile Ctime : 2007-05-14 19:31:39 , 2007-05-14 19:31:44 SELinux : staff_u:object_r:lspp_test_outpu , staff_u:object_r:lspp_test_outpu It looks like the report output is limited to 32 characters per context which doesn't seem detailed to me. This isn't blocking our evaluation, but just seems like it makes the aide report less than useful. -matt -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
