/var/log/audit ownership/permissions
Steve Grubb
sgrubb at redhat.com
Thu Jul 21 13:55:07 UTC 2016
On Thursday, July 21, 2016 11:48:04 AM EDT Ondrej Moris wrote:
> Hi, I noticed that in 2.6.5 /var/log/audit permission were dropped from
> 750 to 600.
The directory should be 0750 or 0700 depending on your config. 0600 would be a
mistake.
> I am fine with that but while I see the motivation [1], I
> just cannot find where is that happening in the code.
https://fedorahosted.org/audit/browser/trunk/src/auditd-event.c#L886
> Besides, specfile
> still contains:
>
> %attr(750,root,root) %dir %{_var}/log/audit
Maybe I should take the attr away or modify it to (-,root,-). The group can
change. For example, I have wheel allowed to run audit reports on my system.
> and hence 'rpm -V audit' obviously fails.
Yeah. Hmm.
-Steve
> [1]
> http://post-office.corp.redhat.com/archives/tech-list/2016-May/msg00468.html
>
> --
> Ondrej
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list