auditing procmail?
Casey Schaufler
casey at schaufler-ca.com
Wed Feb 23 16:13:46 UTC 2005
--- Valdis.Kletnieks at vt.edu wrote:
> Anybody have any good ideas on what should happen
> for auditing and loginuid
> when Sendmail invokes procmail as a delivery agent,
> and we're running
> essentially arbitrary code as the user from their
> .procmailrc? My gut
> feeling is that this *should* act just like a cron
> job for auditing
> purposes, but the sendmail/procmail interface isn't
> in the least PAM-ified,
> so we can't just toss in a 'session required
> pam_audit.so'...
Since the user can define what goes into the
.procmailrc and since whatever is specified runs
as the user the audit should identify the user
and be treated as a user session. In the days
before delivery agents we still had to deal with
"vacation", and audit that appropriately.
=====
Casey Schaufler
casey at schaufler-ca.com
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
More information about the Linux-audit
mailing list