Mailinglist Archive: opensuse-security (81 mails)

< Previous Next >
Re: [suse-security] File and folder access auditing, how?
  • From: HG <hg.list@xxxxxxxxx>
  • Date: Tue, 7 Feb 2006 21:55:21 +0200
  • Message-id: <6f133dde0602071155n1da378c6n281aa762698d19b1@xxxxxxxxxxxxxx>
Hello!

On 2/4/06, Crispin Cowan <crispin@xxxxxxxxxx> wrote:
> HG wrote:
> > Perhaps a different thing, but I just heard from another source that I
> > should look at SELinux... is that included with Pro 9.2 or the latter?
> > And does that somehow relate to file access auditing?
> >
> 9.2 had some bits and pieces of SELinux in it, but never really fully
> supported it.

Ok, then I think I won't even try it now as I antissipate move the 10.X.

> With 10.0 onward, we have completely removed SELinux, and replaced it

No wonder I didn't find anything about from my home computer...

> AppArmor and SELinux are access control systems, which are kinda related
> to audit systems, but not exactly the same:

I know.

> So whether to blend an access control system with an audit system is
> something of an architectural question we are still working on.

I hope you can find something on that - many corporate security
policies require file auditing and currently it seems that linux
doesn't provide tools for this.

> AppArmor is included in SL10.0, SL10.1, and SLES9SP3. I'm less sure of
> where the audit systems are included, but I would suspect all of them.

I tried AppArmour briefly on SUSE 10.0, but I really didn't get much
out of it. I thought that it was somehow cripled...

How about the future (of AppArmour and auditing) on the OSS version?
Or even the freely available SUSE (what used to be the Professional)?

--
HG.

< Previous Next >