2014-06-17 15:04 GMT+02:00 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx>:
I was looking at https://fedorahosted.org/fesco/ticket/1311, and it occurred
to me that we don't ship the selinux troubleshooting tools by default in the
minimal cloud image (add 'em if you need them). We do leave _audit_ there.
What do people think about removing it? (As noted in the ticket, it's mostly
useful with configuration, not in the default state.)

Note that having the userspace audit package installed and having audit syscall auditing enabled are not the same thing; in fact the proposed way to disable syscall auditing requires the audit package.

I don’t have a very strong opinion on either one from a “security” point of view.
Beyond that, generally I’m not too enthusiastic about having the various products too different in configuration defaults in ways that are not obviously expected for the product in question (i.e., a “purposefully minimal” image removing packages from the default set is expected; the same image changing the syscall audit configuration is, I think, not).
Mirek
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security