Proof of concept patch, add dropping privileges to a non root user
Steve Grubb
sgrubb at redhat.com
Tue Oct 20 16:34:33 UTC 2009
On Tuesday 20 October 2009 10:07:30 am corentin.labbe wrote:
> This is a patch that adds a -u parameter to auditd.
That would perhaps change a bunch of things in auditd file permissions.
> This parameter permits auditd to drop to an unprivileged UID after
> initialization.
Have you checked to see if these things still work:
* service auditd rotate, and do you get a DAEMON_ROTATE record filled in?
* service auditd reload, and do you get a DAEMON_RECONFIG record filled in?
* service auditd stop, and do you get a DAEMON_END record filled in?
* If you increase the priority in auditd.conf and run service auditd reload,
does it work?
* Does space_left_action still work for email, single, and halt options?
* Can you still change tcp_listen_port to another privileged port and service
auditd reload?
* What about the kerberos options?
Just curious if these scenarios were checked. :)
-Steve
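
The first three checks in the message above (rotate, reload, stop) can be scripted. This is an added example, not part of the original message or of the audit package. It assumes a record the daemon could not fill in shows "?" for auid or pid; the sample records are constructed and simplified, and check_daemon_record is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not from the thread. check_daemon_record is a hypothetical helper.
# Assumption: a record auditd could not fill in shows "?" for auid or pid.

# Constructed sample records (simplified); on a real host pass the audit log
# path as the second argument instead.
SAMPLE_LOG='type=DAEMON_ROTATE msg=auditd(1256056473.100:7001): auid=500 pid=2101 res=success
type=DAEMON_RECONFIG msg=auditd(1256056480.200:7002): auid=? pid=? res=success
type=DAEMON_END msg=auditd(1256056490.300:7003): auid=500 pid=2140 res=success'

# check_daemon_record TYPE [FILE]
# Looks at the newest record of TYPE. Returns 0 if auid and pid are filled in,
# 1 if either is "?" or absent, 2 if no such record exists.
check_daemon_record() {
    rec_type=$1
    if [ -n "$2" ]; then
        rec=$(grep "^type=$rec_type " "$2" | tail -n 1)
    else
        rec=$(printf '%s\n' "$SAMPLE_LOG" | grep "^type=$rec_type " | tail -n 1)
    fi
    if [ -z "$rec" ]; then
        echo "$rec_type: missing"
        return 2
    fi
    for field in auid pid; do
        val=$(printf '%s\n' "$rec" | sed -n "s/.* $field=\([^ ]*\).*/\1/p")
        case $val in
            ''|'?') echo "$rec_type: unfilled ($field)"; return 1 ;;
        esac
    done
    echo "$rec_type: filled"
}

# Run after "service auditd rotate", "reload" and "stop" respectively.
for t in DAEMON_ROTATE DAEMON_RECONFIG DAEMON_END; do
    check_daemon_record "$t" "${1:-}" || true
done
```

Comparing the output from a root-only auditd with the output from a run using -u shows whether the privilege drop changed what the daemon can record about itself.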