file access audits (NISPOM Chapter 8)

Russell Coker russell at coker.com.au
Thu Aug 5 09:07:54 UTC 2004


On Thu, 5 Aug 2004 04:48, david colbert <davidecolbert at yahoo.com> wrote:
> Does anyone out there have policy config files that
> bring a Fedora Core 2 system into compliance with
> Chapter 8 of Defense Security Service's (DSS) National
> Industrial Security Program Operating Manual (NISPOM)?

Firstly, a disclaimer: I have not read that document, so don't take my comments
to mean anything in regard to it.

> The gist of my problem is that I need to get more
> strict access and auditing of any attempted access to
> system files by non-root users.  I am trying to get
> selinux to log every failed attempt of every non-root
> user to r/w/x all system files. I can get it working

SE Linux is based on the LSM interface which does not permit this.

If an access is rejected by Unix permissions then LSM is not called and 
therefore SE Linux does not even get informed about the access attempt.  It's 
only if you have Unix permissions be extremely permissive that SE Linux could 
audit all failed accesses.

> general_file_read_access(sysadmin_t)
> general_file_write_access(sysadmin_t)
> general_domain_access(sysadmin_t)

Probably you meant to use sysadm_t not sysadmin_t.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
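
The ordering described in the reply above, as an added example that is not part of the original message: a simplified C model (not kernel code; every struct and function name is hypothetical) in which the LSM hook, the only place a denial is audited, is reached only after the Unix permission check has passed. The two file objects are constructed sample data, and root's ability to override Unix permissions is not modelled.

```c
/* Simplified model of the check order on file access: Unix (DAC)
 * permissions first, the LSM hook only if DAC allowed the access.
 * Not kernel code; all names are hypothetical. */
#include <stdio.h>

enum { MAY_EXEC = 1, MAY_WRITE = 2, MAY_READ = 4 };

struct file_obj { unsigned uid, gid, mode; int selinux_allows; };

static int avc_denials;  /* denials the LSM module had a chance to log */

/* DAC: pick the owner/group/other bits, then test the requested mask. */
static int dac_permits(const struct file_obj *f, unsigned uid,
                       unsigned gid, unsigned mask)
{
    unsigned bits = f->mode;
    if (uid == f->uid)      bits >>= 6;
    else if (gid == f->gid) bits >>= 3;
    return ((bits & 7u) & mask) == mask;
}

/* Stand-in for the LSM hook: the only place a denial is audited. */
static int lsm_hook(const struct file_obj *f)
{
    if (f->selinux_allows) return 0;
    avc_denials++;
    return -13;          /* -EACCES */
}

/* Returns 0 if access is granted, -13 if it is denied. */
int model_access(const struct file_obj *f, unsigned uid,
                 unsigned gid, unsigned mask)
{
    if (!dac_permits(f, uid, gid, mask))
        return -13;      /* denied before the hook: nothing audited */
    return lsm_hook(f);
}

int audited_denials(void) { return avc_denials; }

int main(void)
{
    struct file_obj strict = { 0, 0, 0600, 0 };  /* constructed: root-only mode */
    struct file_obj loose  = { 0, 0, 0666, 0 };  /* constructed: permissive mode */
    int r = model_access(&strict, 1000, 1000, MAY_READ);
    printf("mode 0600: ret=%d audited=%d\n", r, audited_denials());
    r = model_access(&loose, 1000, 1000, MAY_READ);
    printf("mode 0666: ret=%d audited=%d\n", r, audited_denials());
    return 0;
}
```

Both attempts fail for the non-root user, but only the one on the permissively moded file produces an audit record.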



More information about the fedora-selinux-list mailing list