Re: [gdm-list] Audit code for GDM

From: Brian Cameron <Brian Cameron Sun COM>
To: Steve Grubb <sgrubb redhat com>
Cc: gdm-list gnome org, Gary Winiger <gww eng sun com>
Subject: Re: [gdm-list] Audit code for GDM
Date: Mon, 04 Feb 2008 17:32:58 -0600


Steve:

From a quick read through it looks OK to me. I'll see if I can test it at somepoint.
I've been looking at our new security requirements, there is a need to logwhoever issues the shutdown/reboot command for the system. Recently, I'venoticed in rawhide that you have to log out in order to issue shutdown. Ifyou log out, we can't tell who's issuing the shutdown since they are nowunauthenticated. :)


The way the old GDM handled this is you could disable the
Shutdown/Reboot features in the login GUI, but still keep them available
to users via the panel choices.  Perhaps users with such audit
requirements would want these features to likewise only be available via
the panel and not the login GUI directly.

And, seems like we may need to audit a user's responce to a typical govt loginbanner (this is a govt computer, use is subject to monitoring, blah blahblah, do you accept these conditions). I'm not quite ready for this one, butthought I'd just mention it.


I notice that the SunAudit code does work to audit whether or not the
user changed their password, and whether the password change failed or
succeeded.  Not sure, but perhaps libaudit should also support this sort
of auditing, since it seems useful.

Brian

Follow-Ups:
- Re: [gdm-list] Audit code for GDM
  - From: Steve Grubb

References:
- Re: [gdm-list] Audit code for GDM
  - From: Ray Strode
- Re: [gdm-list] Audit code for GDM
  - From: Ray Strode
- Re: [gdm-list] Audit code for GDM
  - From: Steve Grubb

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]