Problem meeting FAU_SEL with trusted programs
Linda Knippers
linda.knippers at hp.com
Mon Feb 13 19:15:51 UTC 2006
>> It seems like other trusted programs (at least cron) will also have this
>> problem of a server generating messages on behalf of a user and needing
>> to pass audit records into the kernel with that user's information.
>
> Cron doesn't generate any messages to the kernel. The kernel observes any
> violation and records it with the right credentials.
I was wondering about the case where the cron job generates an
audit record but I just tried an experiment and crond uses pam to
set the auid for the cron job so any audit records issued by the cron
job have an auid that matches the user's uid. I wonder if cups
could/should do something similar.
-- ljk
More information about the Linux-audit
mailing list