[redhat-lspp] aide report output
Matt Anderson
mra at hp.com
Mon May 14 23:50:21 UTC 2007
I was playing around with the SELinux aware aide, and it seems that
although it is able to notice a difference in MLS/MCS context changes it
does not report those changes.
You will still get an audit event that there was a modified file, but
the report output says this:
--------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /usr/local/eal4_testing/audit-test/trustedprograms/aide-testfile
Ctime : 2007-05-14 19:31:39 , 2007-05-14 19:31:44
SELinux : staff_u:object_r:lspp_test_outpu ,
staff_u:object_r:lspp_test_outpu
It looks like the report output is limited to 32 characters per context
which doesn't seem detailed to me. This isn't blocking our evaluation,
but just seems like it makes the aide report less than useful.
-matt
More information about the redhat-lspp
mailing list