LSPP Requirement Specifically for Auditing
Matt Anderson
mra at hp.com
Mon Oct 10 21:39:16 UTC 2005
Linda Knippers wrote:
>>>>7.6 newrole made into suid program so that it can send audit messages
>>>>
>>>>Isn't this also an issue for trusted printing?
>>
>>
>>Looking at my system, cupsd is running as root. It therefore has the
>>capability needed to send audit messages.
>
>
> I seem to recall Matt thinking that we need to be able to post audit
> events by components of cups other than cupds.
>
> Matt, am I remembering this correctly?
Yes, however it looks like they shouldn't be problem here.
Other than auditing the print job's label, and auditing the overriding
of those labels, the remaining auditable events are actions that the
system administrator would take. Specifically, changing the label range
of the output devices, and going between printing unlabeled and labeled
information over an output device. Capabilities will be needed for
those actions, and will be sufficient to generate the audit events
covering them.
-matt
More information about the Linux-audit
mailing list