Re: [gdm-list] Audit code for GDM
- From: Brian Cameron <Brian Cameron Sun COM>
- To: Steve Grubb <sgrubb redhat com>
- Cc: gdm-list gnome org, Gary Winiger <gww eng sun com>
- Subject: Re: [gdm-list] Audit code for GDM
- Date: Mon, 04 Feb 2008 17:32:58 -0600
Steve:
From a quick read through it looks OK to me. I'll see if I can test it at some
point.
I've been looking at our new security requirements, there is a need to log
whoever issues the shutdown/reboot command for the system. Recently, I've
noticed in rawhide that you have to log out in order to issue shutdown. If
you log out, we can't tell who's issuing the shutdown since they are now
unauthenticated. :)
The way the old GDM handled this is you could disable the
Shutdown/Reboot features in the login GUI, but still keep them available
to users via the panel choices. Perhaps users with such audit
requirements would want these features to likewise only be available via
the panel and not the login GUI directly.
And, seems like we may need to audit a user's response to a typical govt login
banner (this is a govt computer, use is subject to monitoring, blah blah
blah, do you accept these conditions). I'm not quite ready for this one, but
thought I'd just mention it.
I notice that the SunAudit code does work to audit whether or not the
user changed their password, and whether the password change failed or
succeeded. Not sure, but perhaps libaudit should also support this sort
of auditing, since it seems useful.
Brian