[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] File and folder access auditing, how?


On 2/4/06, Crispin Cowan <crispin@xxxxxxxxxx> wrote:
> HG wrote:
> > Perhaps a different thing, but I just heard from another source that I
> > should look at SELinux... is that included with Pro 9.2 or the latter?
> > And does that somehow relate to file access auditing?
> >
> 9.2 had some bits and pieces of SELinux in it, but never really fully
> supported it.

Ok, then I think I won't even try it now as I antissipate move the 10.X.

> With 10.0 onward, we have completely removed SELinux, and replaced it

No wonder I didn't find anything about from my home computer...

> AppArmor and SELinux are access control systems, which are kinda related
> to audit systems, but not exactly the same:

I know.

> So whether to blend an access control system with an audit system is
> something of an architectural question we are still working on.

I hope you can find something on that - many corporate security
policies require file auditing and currently it seems that linux
doesn't provide tools for this.

> AppArmor is included in SL10.0, SL10.1, and SLES9SP3. I'm less sure of
> where the audit systems are included, but I would suspect all of them.

I tried AppArmour briefly on SUSE 10.0, but I really didn't get much
out of it. I thought that it was somehow cripled...

How about the future (of AppArmour and auditing) on the OSS version?
Or even the freely available SUSE (what used to be the Professional)?


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here