Miloslav Trmač wrote:
> Jesse Keating wrote on Sun 07. 12. 2008 at 15:05 -0800:
>> On Mon, 2008-12-08 at 10:03 +1100, Andrew Bartlett wrote:
>>> Perhaps I'm a bit slow this morning, but vipw is forbidden but vi /etc/passwd isn't?
>> I think he means "forbidden by policy" in which using anything /but/ the audit-able tools is "forbidden by policy". If you're expecting everybody to follow policy, why not just set policy that says "don't hack this box". That'll work right?
> Violations of "don't hack this box" don't generate audit messages that can be manually examined for actual intrusions. Violations of "don't access /etc/shadow manually" do.
Is attempting an access that the kernel routinely prevents considered a violation? That is, if I type 'file /etc/*' on such a system should I expect the black helicopters to start firing? I don't see how accesses that are denied matter to anyone - or why anyone running the shadow-tools utility without permission to access the relevant files should bother anyone either.
-- Les Mikesell lesmikesell gmail com
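To make the distinction raised in the thread concrete, here is a small triage script added to this archive page (not code from any of the participants). It assumes an auditd watch rule `-w /etc/shadow -p rwa -k shadow-access` is loaded, an assumed list of sanctioned shadow-tools binaries, and constructed sample records; it separates kernel-denied attempts (the `file /etc/*` case) from successful accesses made by anything other than the sanctioned tools.

```python
import re

# Assumed auditd rule on the system:  -w /etc/shadow -p rwa -k shadow-access
# Every matching open/read/attr attempt yields a SYSCALL record with
# key="shadow-access" and success=yes or success=no.
SANCTIONED_EXES = {  # assumed policy list, not from the thread
    "/usr/sbin/vipw", "/usr/bin/passwd", "/usr/sbin/useradd", "/usr/sbin/usermod",
}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit record into a dict, dropping quotes around values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def classify(line):
    """Return 'ignore', 'denied', 'sanctioned' or 'manual-access' for a record."""
    f = parse_record(line)
    if f.get("type") != "SYSCALL" or f.get("key") != "shadow-access":
        return "ignore"            # PATH/CWD records or unrelated rules
    if f.get("success") == "no":
        return "denied"            # kernel refused it: noise for intrusion review
    if f.get("exe") in SANCTIONED_EXES:
        return "sanctioned"        # the audit-able tools policy points at
    return "manual-access"         # e.g. vi on /etc/shadow: worth a human look

def triage(lines):
    """Count records per class and list (auid, exe) for successful manual accesses."""
    counts, manual = {}, []
    for line in lines:
        c = classify(line)
        counts[c] = counts.get(c, 0) + 1
        if c == "manual-access":
            f = parse_record(line)
            manual.append((f.get("auid"), f.get("exe")))
    return counts, manual

# Constructed sample records (not captured from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1228694700.101:201): arch=c000003e syscall=2 success=yes exit=3 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="shadow-access"',
    'type=SYSCALL msg=audit(1228694701.102:202): arch=c000003e syscall=2 success=yes exit=3 auid=1000 uid=0 comm="vipw" exe="/usr/sbin/vipw" key="shadow-access"',
    'type=SYSCALL msg=audit(1228694702.103:203): arch=c000003e syscall=2 success=no exit=-13 auid=1001 uid=1001 comm="file" exe="/usr/bin/file" key="shadow-access"',
    'type=PATH msg=audit(1228694702.103:203): item=0 name="/etc/shadow" inode=1234 mode=0100000',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```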