Getting the user ID in log messages...

Levine, Daniel J. Daniel.Levine at jhuapl.edu
Thu Jun 10 12:17:00 UTC 2004


Russell,

Thanks, I managed to figure that out from the "Getting Started with SELinux
HOWTO" from the adding a user section.  For a standalone system, I can see
how this is no big deal.  Every time I add a user, I add the user to the
/etc/selinux/users file.  But suppose I have 100 machines, I would need to
add it to 100 systems.  This is why I use NIS to manage my password and
shadow files.  I suppose one homegrown solution would be to put
/etc/selinux/users into an NIS map (users.byname) and periodically (every
half-hour perhaps) have a cron job perform a ypcat users.byname >
/etc/selinux/users.  Is there a standard map one could use or a PAM module
that's aware of such needs?

Suppose I wasn't using something as old as NIS, like OpenLDAP, is there a
standard mechanism for putting this information into its databases?  And if
not, should there be one?

Perhaps my problem is simpler to solve than this.  All I really need is the
user ID of the person who logged in to the system.  This identifies whose
account was used to perpetrate the illegal access.  Could the user ID number
and user name be added to the log messages when violations occur?  The id
command seems to have the information it needs, perhaps the SELinux logger
does too?  Otherwise, I'd need to do something like I mention above.  I'm
not really interested in whether the context has the user name.  That was
just a way of using what seemed to be a built-in capability if I had set
things up right.  I have no real problem with users running around as
user_u:user_r:user_t in the system.  I just need to know which user to start
talking to when I see they are poking around the system.

Daniel J. Levine
Section Supervisor
Johns Hopkins University
Applied Physics Laboratory
443-778-3952 240-228-3952

-----Original Message-----
From: Russell Coker [mailto:russell at coker.com.au]
Sent: Thursday, June 10, 2004 2:10 AM
To: fedora-selinux-list at redhat.com
Cc: Levine, Daniel J.
Subject: Re: Getting the user ID in log messages...

On Thu, 10 Jun 2004 01:02, "Levine, Daniel J." <Daniel.Levine at jhuapl.edu>
wrote:
> Explanation of log file messages) the example shows the following scontext:
>
> scontext: faye:user_r:user_t
>
> This is great, as I would know to contact the user faye and ask about the
> situation.  But on my Fedora Core 2 machine, my /var/log/messages
> produces:
>
> scontext: user_u:user_r:user_t

In your users file in the SE Linux policy you need the following:
user dan roles user_r;

Then run "make load".

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
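The "homegrown" cron job Daniel sketches above (pull account names out of an NIS map and regenerate /etc/selinux/users) combined with the entry format Russell gives ("user dan roles user_r;"), worked through as a POSIX shell script. This is an added example, not code from either poster or from the Fedora SELinux project. It assumes a UID cutoff of 500 for human accounts, a passwd-style listing in place of a live "ypcat passwd", and constructed sample data; it does not run "make load", which would still be the final step.

```shell
#!/bin/sh
# Added example (not from the thread). Builds SELinux policy "users" entries of
# the form  user NAME roles user_r;  (the format from Russell's reply) from a
# passwd-style listing, the way a cron job fed by `ypcat passwd` could.
# Assumptions (not from the thread): the UID cutoff 500 for human accounts,
# the temporary file naming, and the sample data below, which is constructed.

# Constructed stand-in for `ypcat passwd` output.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
faye:x:501:501:Faye Example:/home/faye:/bin/bash
dan:x:502:502:Dan Example:/home/dan:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
guest:x:503:503:Guest:/home/guest:/sbin/nologin'

# Constructed stand-in for an existing policy users file that already knows faye.
SAMPLE_EXISTING='user system_u roles system_r;
user user_u roles { user_r };
user faye roles user_r;'

# gen_user_entries MIN_UID  (reads passwd lines on stdin)
# Emits one "user NAME roles user_r;" line per interactive account: UID at or
# above MIN_UID, a real login shell, and a name the policy compiler will accept.
gen_user_entries() {
    awk -F: -v min="$1" '
        $3 >= min && $7 !~ /(nologin|false)$/ && $1 ~ /^[a-z_][a-z0-9_-]*$/ {
            printf "user %s roles user_r;\n", $1
        }'
}

# merge_users EXISTING_FILE  (reads generated entries on stdin)
# Prints the existing file unchanged, then only those generated entries whose
# user name is not already declared, so hand-made entries are never duplicated
# or overwritten.
merge_users() {
    cat "$1"
    awk -v f="$1" '
        BEGIN {
            while ((getline line < f) > 0)
                if (line ~ /^user /) { split(line, a, " "); seen[a[2]] = 1 }
        }
        { split($0, b, " "); if (!seen[b[2]]) print }'
}

# sync_users PASSWD_FILE EXISTING_FILE OUT_FILE
# The cron-job step: generate, merge, and replace OUT_FILE atomically so that a
# half-written file is never what "make load" picks up. Returns non-zero on any
# failure, leaving OUT_FILE untouched.
sync_users() {
    tmp="$3.tmp.$$"
    gen_user_entries 500 < "$1" | merge_users "$2" > "$tmp" && mv "$tmp" "$3"
}

# Stand-alone demonstration on the constructed data.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
    printf '%s\n' "$SAMPLE_EXISTING" > "$d/users"
    sync_users "$d/passwd" "$d/users" "$d/users.new" || return 1
    cat "$d/users.new"
    rm -rf "$d"
}

demo
```

In a cron deployment the first argument would be a fresh "ypcat passwd" dump rather than the constructed file, and the output path would be the policy's users file, followed by "make load" in the policy directory. The merge step is what keeps the job safe to rerun every half-hour: accounts the administrator declared by hand are left alone, and an account that has disappeared from NIS is not silently dropped from the policy.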


