On Wednesday 18 November 2009 04:45:05 pm James Antill wrote:
> On Wed, 2009-11-18 at 16:04 -0500, Steve Grubb wrote:
> > > The problem is the *Default* not the fact that you can consciously
> > > allow users to update without a password.
> >
> > And I wonder what the audit trail will show? Does it show which user
> > installed these packages?
>
> PK has its own logging, it logs the user the API is running from
> there. But it doesn't set loginuid, so "yum history", auditd, SELinux,
> etc. don't know.

That is a big problem. If I have the following audit rule:

-a always,exit -F dir=/usr -F perm=w

It needs to show which user was able to write into /usr or the audit trail is
broken.

-Steve
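
Added example, not part of the original message or of any project's code: a small check that groups raw auditd records by event ID and reports events touching the watched directory whose SYSCALL record carries an unset loginuid (logged as auid=4294967295). The sample records, paths and function names are constructed for illustration.

```python
import re

UNSET_AUID = "4294967295"  # (uint32)-1: logged when loginuid was never set

# Constructed sample records in auditd's raw log format (not from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1258580705.123:101): arch=c000003e syscall=2 success=yes exit=3 auid=500 uid=0 comm="yum" exe="/usr/bin/python"
type=PATH msg=audit(1258580705.123:101): item=0 name="/usr/bin/example-tool" inode=1201
type=SYSCALL msg=audit(1258580799.456:102): arch=c000003e syscall=2 success=yes exit=4 auid=4294967295 uid=0 comm="packagekitd" exe="/usr/sbin/packagekitd"
type=PATH msg=audit(1258580799.456:102): item=0 name="/usr/lib/example.so" inode=1302
type=SYSCALL msg=audit(1258580801.789:103): arch=c000003e syscall=2 success=yes exit=3 auid=4294967295 uid=0 comm="crond" exe="/usr/sbin/crond"
type=PATH msg=audit(1258580801.789:103): item=0 name="/var/run/example.pid" inode=77
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group records that share an audit event ID (timestamp:serial)."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events.setdefault(m.group(1), {"syscall": {}, "paths": []})
        if fields.get("type") == "SYSCALL":
            ev["syscall"] = fields
        elif fields.get("type") == "PATH" and "name" in fields:
            ev["paths"].append(fields["name"])
    return events

def unattributed_writes(log_text, watched_dir="/usr"):
    """Return (event_id, exe, path) for events under watched_dir with no loginuid."""
    prefix = watched_dir.rstrip("/") + "/"
    hits = []
    for event_id, ev in parse_events(log_text).items():
        # "unset" is how interpreted output (ausearch -i) renders the same value.
        if ev["syscall"].get("auid") not in (UNSET_AUID, "unset"):
            continue
        hits += [(event_id, ev["syscall"].get("exe"), p)
                 for p in ev["paths"] if p.startswith(prefix)]
    return hits

if __name__ == "__main__":
    for hit in unattributed_writes(SAMPLE_LOG):
        print(hit)
```

Any hit means a write under the watched directory was recorded with uid information only, so the record cannot be tied back to a login session.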