User Account Lifecycle Auditing Specification
Josh
jokajak at gmail.com
Mon Sep 15 23:25:16 UTC 2014
On Sep 15, 2014, at 5:21 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>
> Hello,
>
> Recently I run across a problem where the events being sent by a program that
> enrolls users and groups was found to be not sending the right events. Some of
> the events were correct, some were wrong. In wanting to correct this problem
> (and write verification suites later) I thought it might be nice to have some
> specifications written up so that there is a common understanding that may be
> referred to. This will allow correction of misbehaving programs and people to
> better understand what this handful of events mean in a larger context.
>
> The document was added to the audit project page. A direct link can be found
> here:
>
> http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt
>
> I would appreciate feedback and/or comments. I will also try to write up a
> couple other areas that need some clarification in the near future.
>
> -Steve
Thanks for putting this together!
“The creation of a group mapping by adding a line to /etc/group should results in the creation of an AUDIT_ADD_GROUP event.” sounds weird. Perhaps you mean "The creation of a group mapping by adding a line to /etc/group should result in the creation of an AUDIT_ADD_GROUP event.”
"This will also allow for test suites to be created to spot problems with thsi common understanding of how the system should behave so that apps are corrected.” has a typo. Should be "This will also allow for test suites to be created to spot problems with this common understanding of how the system should behave so that apps are corrected.”
Thanks,
-josh
More information about the Linux-audit
mailing list