Getting the user ID in log messages...
Russell Coker
russell at coker.com.au
Thu Jun 10 13:46:22 UTC 2004
On Thu, 10 Jun 2004 22:17, "Levine, Daniel J." <Daniel.Levine at jhuapl.edu>
wrote:
> Thanks, I managed to figure that out from the "Getting Started with SELinux
> HOWTO" from the adding a user section. For a standalone system, I can see
> how this is no big deal. Every time I add a user, I add the user to the
> /etc/selinux/users file. But suppose I have 100 machines, I would need to
> add it to 100 systems. This is why I use NIS to manage my password and
> shadow files. I suppose one homegrown solution would be to put
> /etc/selinux/users into an NIS map (users.byname) and periodically (every
> half-hour perhaps) have a cron job perform a ypcat users.byname >
> /etc/selinux/users. Is there a standard map one could use or a PAM module
> that's aware of such needs.
There is no standard way of doing this. Maybe you will set the standard if
you do it first! ;)
Having a cron job automatically generate and load a SE Linux policy has it's
own issues as well.
> Suppose I wasn't using something as old as NIS, like OpenLDAP, is there a
> standard mechanism for putting this information into its databases? And if
> not, should there be one?
Probably there should. But we'll need to get an OID assigned for this.
> Perhaps my problem is simpler to solve than this. All I really need is the
> user ID of the person who logged in to the system. This identifies whose
> account was used to perpetrate the illegal access. Could the user ID
> number and user name be added to the log messages when violations occur?
At the moment no. Maybe this is something for the audit facility rather than
SE Linux kernel code.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list