Auditing file access
Eric Howard
3vnkz6u02 at sneakemail.com
Mon Nov 14 20:11:02 UTC 2005
Following up on some instructions I found in the list archives (posted by Stephen Smalley), I set up the following policy (local.te) for a stock RHEL AS 4 build (using the targeted policy source):
# Allow all user domains to create and modify these files.
allow userdomain audited_file_t:dir create_dir_perms;
allow userdomain audited_file_t:{ file lnk_file } create_file_perms;
# Audit all accesses by user domains to these files.
auditallow userdomain audited_file_t:{ dir file lnk_file } *;
I also set my grub.conf to set audit=1 and also set 'auditctl -e 1'.
I created a directory off of root called /testdir and assigned it the following context: user_u:object_r:audited_file_t
I was hoping that all file activity in this directory would be logged, but this does not seem to be happening. Is there something I am missing?
Thanks!
Eric Howard
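An added example, not part of the original post: an auditallow rule that matches is reported as an "avc: granted" record, so one way to check the setup above is to filter the audit log for granted records whose target type is audited_file_t. The record layout is assumed from the usual kernel AVC message format, the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Layout of the AVC portion of an audit record (assumed, see lead-in).
AVC_RE = re.compile(
    r'avc:\s+(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, value in FIELD_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    # A context is user:role:type, optionally followed by an MLS range.
    for ctx in ("scontext", "tcontext"):
        parts = rec.get(ctx, "").split(":")
        rec[ctx + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def audited_accesses(lines, target_type="audited_file_t"):
    """Keep 'granted' records (what auditallow emits) on the target type."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["result"] == "granted" and rec["tcontext_type"] == target_type:
            hits.append(rec)
    return hits


# Constructed sample records (not real log output).
SAMPLE_LOG = [
    'type=AVC msg=audit(1132000000.101:21): avc:  granted  { read } for  pid=2301 comm="cat" name="notes.txt" dev=sda2 ino=4711 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:audited_file_t tclass=file',
    'type=SYSCALL msg=audit(1132000000.101:21): arch=40000003 syscall=5 success=yes exit=3 pid=2301 comm="cat"',
    'type=AVC msg=audit(1132000007.553:22): avc:  denied  { write } for  pid=2310 comm="my prog" name="shadow" dev=sda2 ino=90 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file',
    'type=AVC msg=audit(1132000012.020:23): avc:  granted  { write add_name } for  pid=2315 comm="touch" name="testdir" dev=sda2 ino=4700 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:audited_file_t tclass=dir',
    'type=AVC msg=audit(1132000015.900:24): avc:  granted  { read } for  pid=2320 comm="cat" name="motd" dev=sda2 ino=77 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:etc_t tclass=file',
]

if __name__ == "__main__":
    for rec in audited_accesses(SAMPLE_LOG):
        print(rec["comm"], rec["scontext_type"], rec["tclass"], rec["perms"], rec.get("name"))
```

If the filter returns nothing for activity in the labelled directory, the scontext type on other AVC records from the same processes shows which domain they actually run in.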