[RFC] audit.spec: create audit group for log read access
Enzo Matsumiya
ematsumiya at suse.de
Wed Jan 20 21:39:11 UTC 2021
On 01/20, Steve Grubb wrote:
>This might go against the DISA STIG, but otherwise this is using the audit
>system as intended.
Ah yes, you're right. I checked and it seems so for RH, but not for SUSE.
Good catch, though.
>I consider the audit.spec file to be an example to help others with packaging.
>But I'm not entirely sure if it's 100% in sync with Fedora since they make
>arbitrary policy changes like removing gcc and make from the build root which
>then causes specfile updates. If you want to submit a patch, feel free. I
>would apply it as an example to others.
Thanks. We also have some modifications to the specfile.
So what I'm getting from your reply is it's up to the OS vendor to provide,
or not, such modification -- i.e. it's more of a general OS problem than audit's
problem. Is that correct?
>Best Regards,
>-Steve
Cheers,
Enzo
More information about the Linux-audit
mailing list