[PATCH] audit: file system auditing based on location and name
Arjan van de Ven
arjan at infradead.org
Fri Jul 8 05:33:15 UTC 2005
> > [foo at liltux /]$ cat /etc/shadow
> > cat: /etc/shadow: Permission denied
>
> Additionally, the apps would need to either be rewritten to create
> the files under the audited context, or policy would have to cause all
> files created by those apps to be under the audited context. Neither
> one of those options is satisfactory
why not?
If your /etc/shadow has no selinux context you've lost already :0
More information about the Linux-audit
mailing list