On Thu, 2005-06-30 at 12:05 -0500, Rix, Tom wrote:
> Does SELinux provide the level of auditing required by DSS NISPOM
> chapter 8, legal and illegal rwx accesses?
> Are there any resources (HOWTOs) on how SELinux can be applied to
> meeting any of the Chapter 8 requirements?
SELinux itself only deals with auditing of MAC permission checks. By
default, it audits all MAC permission denials (but specific ones can be
suppressed via dontaudit rules to avoid noise) and it can also be
configured to audit specific allowed permissions via auditallow rules
(e.g. to ensure that certain events like policy loads are always
audited).
The Linux 2.6 kernel provides an audit framework with more general
auditing functionality, and a fair amount of work has gone into
enhancing that functionality - see the linux-audit mailing list:
http://www.redhat.com/mailman/listinfo/linux-audit
If you want to experiment with some of that general auditing
functionality, you might try Fedora Core 4 and its 'audit' package.
That functionality should be included in an update to RHEL4, iirc.
--
Stephen Smalley
National Security Agency
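The reply above distinguishes the two kinds of AVC audit records SELinux produces: denials (logged by default unless a dontaudit rule suppresses them) and grants (logged only where an auditallow rule asks for them). The following parser is an added example, not part of the mail or of the SELinux or audit projects; it reads constructed AVC records in the format the 2.6 audit framework logs them, separates the two decisions, and tallies which source context, object class and permission each record concerns, which is the kind of question a NISPOM-style review of permitted versus denied accesses would ask.

```python
import re
from collections import Counter

# Constructed sample records in the form the Linux 2.6 audit framework logs
# SELinux permission checks (made up for this example, not from the mail).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1120147200.101:42): avc:  denied  { read } for  pid=2301 comm="cat" name="shadow" dev=hda2 ino=65012 scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file
type=AVC msg=audit(1120147200.102:43): avc:  denied  { write } for  pid=2305 comm="vi" name="passwd" dev=hda2 ino=65010 scontext=user_u:user_r:user_t tcontext=system_u:object_r:etc_t tclass=file
type=AVC msg=audit(1120147260.500:44): avc:  granted  { load_policy } for  pid=2410 comm="load_policy" scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
type=SYSCALL msg=audit(1120147200.101:42): arch=40000003 syscall=5 success=no exit=-13 pid=2301 comm="cat"
"""

# One AVC record: the decision word says whether a denial or an
# auditallow-triggered grant produced it; everything after "for" is key=value.
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<time>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<decision>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other record type."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {
        "time": float(m.group("time")),
        "serial": int(m.group("serial")),
        "decision": m.group("decision"),
        "perms": m.group("perms").split(),
    }
    for key, value in FIELD_RE.findall(m.group("fields")):
        rec[key] = value.strip('"')
    return rec

def parse_log(text):
    """Parse every AVC record in an audit log, skipping non-AVC lines."""
    return [r for r in (parse_avc(l) for l in text.splitlines()) if r]

def summarize(text):
    """Count records per decision and per (decision, scontext, tclass, perm)."""
    by_decision, by_key = Counter(), Counter()
    for rec in parse_log(text):
        by_decision[rec["decision"]] += 1
        for perm in rec["perms"]:
            by_key[(rec["decision"], rec["scontext"], rec["tclass"], perm)] += 1
    return by_decision, by_key
```

On a real FC4 system the same records come from ausearch -m AVC or /var/log/audit/audit.log; a denial that never appears there may have been silenced by a dontaudit rule, so a quiet log is not by itself evidence of no denied accesses.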