A scriptable utility for setting auid

Matthew Booth mbooth at redhat.com
Tue Feb 20 21:29:25 UTC 2007


I needed a way to exclude a very large class of audit traffic [1] in
RHEL 4. It occurred to me that if I could launch a process and give it
the auid of a dedicated user, I could easily filter it out along with
all child processes. With this in mind I wrote the attached simple
wrapper round audit_setloginuid. It sets its own auid to whatever
you give it, then execs a command.

I'm assuming that this would be better achieved in RHEL 5 using SELinux
context filtering. However, I hope to use this tool to achieve useful
auditing on an Oracle RAC node on RHEL 4.

Matt

[1] It turns out that Oracle CSSD, which maintains cluster membership,
is a somewhat retarded shell script. Amongst many other things, it execs
both bash and awk about 8 times per second.
-- 
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ausetauid.c
Type: text/x-csrc
Size: 1738 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20070220/3a1cc49b/attachment.bin>