PolicyKit auditing - was Re: Fedora 11: moving to posix file capabilities?
Les Mikesell
lesmikesell at gmail.com
Sat Nov 1 17:14:03 UTC 2008
Steve Grubb wrote:
>
>>> Where's the GUI or commandline tool that lets me configure it? I may need
>>> to have auditing of who changed what entry in that file. When I chmod
>>> 4755 a program, I know who changed it, what the old and new values are,
>>> when they did it, and what the outcome was.
>> There's no real story on that other than "uid 0" and $EDITOR yet.
>> This is basically the same as all the other OS config files.
>
> No...we have a handful of apps that audit changes to trusted databases.
> password and adduser are two examples.
Why doesn't someone throw the entire set of config files into a version
control system? With bonus points for permitting it to reside remotely
and contain similar machines as branches. Aside from wanting to know
who changed what and when, the more important issue is usually what was
there last week when it still worked, or how it is different from a
similar machine. And the machine in question may not be working when
you need to know this.
--
Les Mikesell
lesmikesell at gmail.com
More information about the devel
mailing list