log file names (was Additional rule files)
Russell Coker
russell at coker.com.au
Sun Sep 5 10:45:46 UTC 2004
On Sat, 4 Sep 2004 11:12, Erich Schubert <erich at debian.org> wrote:
> The next two rule sets are for the statistic tools "bindgraph" and
> "mailgraph". The first parses bind query logs and does nice graphs out
> of them, the second does the same for postfix+amavis logs.

Do we need to have two different domains for programs that do the same thing?
Both bindgraph and mailgraph can read the same file types as input and their
output can be accessed by cgi-bin scripts. It seems that there is little (if
any) benefit in isolating them.

If we were to assign different types to different log files (may require code
changes in syslogd) then we could deny the mailgraph program the ability to
read log files other than mail.log and deny the bindgraph program the ability
to read mail.log.

Also note that in your policy both those programs can read /var/log/auth.log
(Debian) and /var/log/secure (Fedora). This is not desirable; we probably
should make changes to the syslog setup.

One possible change is greater use of sub-directories in /var/log. We could
have /var/log/security/ for auth.log, secure, and any other security-critical
log files and /var/log/mail/ for mail server log files (including POP server,
and maybe webmail), etc. Doing this would allow different types for the log
files with no code changes to syslogd, and this would make it more beneficial
to have separate domains for mailgraph and bindgraph.

I've CC'd this to fedora-selinux and debian-devel because if we make such
changes then we want to get some cross-distribution agreement on file names.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
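
The sub-directory layout proposed in the message above, sketched as an added configuration example (not part of the original message, Erich Schubert's rule sets, or any distribution's policy). The type names security_log_t, mail_log_t and named_log_t, the domain names mailgraph_t and bindgraph_t, and the /var/log/named/ directory for BIND query logs are assumptions made for illustration.

```conf
# --- /etc/syslog.conf (sysklogd selector syntax) -------------------------
# Route by facility into the proposed sub-directories.
auth,authpriv.*     /var/log/security/auth.log
mail.*              -/var/log/mail/mail.log

# --- file contexts --------------------------------------------------------
# Label each sub-directory and everything below it with its own type.
# All three type names are hypothetical.
/var/log/security(/.*)?     system_u:object_r:security_log_t
/var/log/mail(/.*)?         system_u:object_r:mail_log_t
/var/log/named(/.*)?        system_u:object_r:named_log_t

# --- type enforcement -----------------------------------------------------
# Declarations only; the attributes or macros a distribution's policy
# attaches to log file types are omitted here.
type security_log_t;
type mail_log_t;
type named_log_t;

# syslogd must be able to create and append to files in the new directories.
allow syslogd_t { security_log_t mail_log_t }:dir { search write add_name };
allow syslogd_t { security_log_t mail_log_t }:file { create append getattr };

# mailgraph (domain name assumed): traverse /var/log, read mail logs only.
allow mailgraph_t var_log_t:dir search;
allow mailgraph_t mail_log_t:dir { search getattr };
allow mailgraph_t mail_log_t:file { read getattr };

# bindgraph (domain name assumed): traverse /var/log, read query logs only.
allow bindgraph_t var_log_t:dir search;
allow bindgraph_t named_log_t:dir { search getattr };
allow bindgraph_t named_log_t:file { read getattr };

# Policies that define the "open" file permission need it added next to
# "read" in the file rules above.
#
# No rule mentions security_log_t for either graphing domain, and neither
# domain gets the other's log type, so auth.log / secure and the other
# tool's logs are denied by default.
```

A file that syslogd or a log rotation tool creates inside a labelled directory inherits the directory's type unless a type_transition rule says otherwise, which is why this layout gives each log its own type without code changes to syslogd.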