A scriptable utility for setting auid
Steve Grubb
sgrubb at redhat.com
Sun Feb 25 23:17:42 UTC 2007
On Tuesday 20 February 2007 16:29:25 Matthew Booth wrote:
> I needed a way to exclude a very large class of audit traffic [1] in
> RHEL 4. It occurred to me that if I could launch a process and give it
> the auid of a dedicated user, I could easily filter it out along with
> all child processes. With this in mind I wrote the attached simple
> wrapper round the audit_setloginuid. It sets its own auid to whatever
> you give it, then execs a command.
In general, I don't like the theory that this operates under. It could be
abused and then the audit trail coerced. Could you not achieve this by making
the apps set gid and filtering on the group?
-Steve