Sanity Check on Audit

Harry Hoffman hhoffman at ip-solutions.net
Thu Feb 6 17:37:34 UTC 2014


Mark,

That's not quite accurate. SELinux controls can be enabled to neuter
root's power.

Cheers,
Harry


On 02/06/2014 10:12 AM, m.roth at 5-cent.us wrote:
> postmaster at ronno.nl wrote:
>> Paul,
>>
>> For "Anyone" it wouldn't be a problem, but a root user is allowed to do
>> anything.
>>
>> So a root is always able to stop a process on the system.
>>
>> Think of a solution to lock ssh access (sshd_config) for everyone, but
>> you.
>>
>> And even this is no 100% solution.
>>
> And two cents from someone who really isn't deeply into selinux: a root
> user could always
> $ echo 0 >/selinux/enforce
> and then, with selinux in permissive mode, could do anything root could
> normally do (i.e., anything).
> 
>        mark
> 
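
An added example, not part of the thread or written by its participants: an audit check for whether the `echo 0 > .../enforce` switch quoted above is still open to root. It assumes the control in question is the `secure_mode_policyload` policy boolean (one such control; the thread does not name any), and the function name and status strings are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether a privileged process
# can still switch SELinux to permissive at runtime.
# Assumption: the control checked is the secure_mode_policyload boolean.

# $1: selinuxfs mount point (default /sys/fs/selinux; /selinux on older
#     releases, which is the path used in the thread).
selinux_root_lockdown() {
    fs="${1:-/sys/fs/selinux}"

    # No enforce node: selinuxfs is not mounted, so SELinux is disabled.
    if [ ! -r "$fs/enforce" ]; then
        echo "disabled"
        return 3
    fi

    if [ "$(cat "$fs/enforce")" != "1" ]; then
        echo "permissive"
        return 2
    fi

    # Boolean nodes read as "<current> <pending>"; only the current value counts.
    bool="$fs/booleans/secure_mode_policyload"
    cur=0
    if [ -r "$bool" ]; then
        cur=$(cut -d' ' -f1 < "$bool")
    fi

    if [ "$cur" = "1" ]; then
        echo "enforcing-locked"      # runtime mode changes are denied by policy
        return 0
    fi
    echo "enforcing-switchable"      # enforcing now, but the mode can be changed
    return 1
}

# Run against the live system (or a path given as the first argument).
selinux_root_lockdown "$@" || echo "audit finding (status $?)"
```

A non-zero status marks a finding, so the function can be dropped into a periodic compliance job; only the `enforcing-locked` result means the runtime switch is closed.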



