audit on Fedora Core 5
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Mar 23 19:23:03 UTC 2006
On Thu, 23 Mar 2006 08:42:46 EST, John D. Ramsdell said:
> were not installed. You'd think that both audit and emacs would be
> part of the base system, independent of what options are specified.
Make the business case for it. What percent of users need/want Emacs?
What percent of users need/want audit? (Hint - I'll bet there at least
an order of magnitude, possibly two entire orders, more OpenOffice users
than Emacs users). If they aren't *asking* for it, what features do the
packages provide that make it worth the added overhead? (Let 'yum' suck
down a copy of an emacs-sized RPM over a less-than-blazing net connection
sometime, and you'll understand the desire to minimize the number of things
installed by default).
In particular, I can make the case that audit should *not* be installed by
default on any box that has SELinux enabled by default - if auditd isn't running,
then SELinux AVC messages will end up in the syslog where most people expect to
find them, in a format that they can use grep and similar to deal with. If auditd
is running, suddenly those messages are in their own file in /var/log/audit/,
and they need to learn about ausearch and friends.....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20060323/c5ccf20c/attachment.sig>
More information about the Linux-audit
mailing list