On Thu, 5 Aug 2004 04:48, david colbert <davidecolbert(a)yahoo.com> wrote:
Does anyone out there have policy config files that
bring a Fedora Core 2 system into compliance with
Chapter 8 of Defense Security Service's (DSS) National
Industrial Security Program Operating Manual (NISPOM)?
Firstly a disclaimer, I have not read that document, so don't take my comments
to mean anything in regard to it.
The gist of my problem is that I need to get more
strict access and auditing of any attempted access to
system files by non-root users. I am trying to get
selinux to log every failed attempt of every non-root
user to r/w/x all system files. I can get it working
SE Linux is based on the LSM interface which does not permit this.
If an access is rejected by Unix permissions then LSM is not called and
therefore SE Linux does not even get informed about the access attempt. It's
only if you have Unix permissions be extremely permissive that SE Linux could
audit all failed accesses.
general_file_read_access(sysadmin_t)
general_file_write_access(sysadmin_t)
general_domain_access(sysadmin_t)
Probably you meant to use sysadm_t not sysadmin_t.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page