[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] File and folder access auditing, how?



Hello!

On 2/4/06, Crispin Cowan <crispin@xxxxxxxxxx> wrote:
> HG wrote:
> > Perhaps a different thing, but I just heard from another source that I
> > should look at SELinux... is that included with Pro 9.2 or the latter?
> > And does that somehow relate to file access auditing?
> >
> 9.2 had some bits and pieces of SELinux in it, but never really fully
> supported it.

Ok, then I think I won't even try it now as I antissipate move the 10.X.

> With 10.0 onward, we have completely removed SELinux, and replaced it

No wonder I didn't find anything about from my home computer...

> AppArmor and SELinux are access control systems, which are kinda related
> to audit systems, but not exactly the same:

I know.

> So whether to blend an access control system with an audit system is
> something of an architectural question we are still working on.

I hope you can find something on that - many corporate security
policies require file auditing and currently it seems that linux
doesn't provide tools for this.

> AppArmor is included in SL10.0, SL10.1, and SLES9SP3. I'm less sure of
> where the audit systems are included, but I would suspect all of them.

I tried AppArmour briefly on SUSE 10.0, but I really didn't get much
out of it. I thought that it was somehow cripled...

How about the future (of AppArmour and auditing) on the OSS version?
Or even the freely available SUSE (what used to be the Professional)?

--
HG.

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here