Steve Grubb <sgrubb@xxxxxxxxxx> writes:

> 5) We must audit changes to trusted databases
>
> To accomplish this, we instrument the shadow-utils code. This lets
> us see who modified any account and which account and how it was
> modified. You can find these in your audit logs by looking for
>
> ausearch --start this-month -m ADD_USER

# vipw
i
foo:x:1111:1111:x:/bin/foo:/bin/sh
# ausearch --start this-month -m ADD_USER
#

or

$ ldapadd
dn: uid=foo,...
# ausearch --start this-month -m ADD_USER
#

Both 'vipw' and 'ldapadd' are official and documented tools to manage
the user database.

> The utilities that would allow you to modify it cannot be accessed
> unless you are root.

Sounds like "when the algorithm is hidden, the crypto mechanism is
secure"...


Enrico

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
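Added example, not part of the original message or of the audit project's code: a reconciliation check that lists accounts present in the passwd database but absent from the ADD_USER audit records, which is how an account added with vipw would show up to a reviewer. The baseline set, the sample passwd entries and the audit record layout are constructed assumptions; real record fields differ between audit versions.

```python
import re

# Constructed sample data (assumptions, not taken from any real system).
BASELINE = {"root", "daemon"}  # accounts known at the last review
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
foo:x:1111:1111:x:/bin/foo:/bin/sh
"""
# Assumed ADD_USER record layout, as saved from an ausearch run.
AUDIT = """\
type=ADD_USER msg=audit(1200000000.100:41): pid=2101 uid=0 auid=500 msg='op=adding user acct="alice" exe="/usr/sbin/useradd" res=success'
type=ADD_USER msg=audit(1200000050.200:57): pid=2240 uid=0 auid=500 msg='op=adding user acct="bob" exe="/usr/sbin/useradd" res=failed'
"""

ACCT = re.compile(r'\bacct="?([^"\s\']+)"?')


def audited_accounts(audit_text):
    """Account names taken from successful ADD_USER records only."""
    names = set()
    for line in audit_text.splitlines():
        if not line.startswith("type=ADD_USER ") or "res=success" not in line:
            continue
        match = ACCT.search(line)
        if match:
            names.add(match.group(1))
    return names


def passwd_accounts(passwd_text):
    """Login names from passwd-format text (seven colon-separated fields)."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] and not line.startswith("#"):
            names.add(fields[0])
    return names


def unaudited_accounts(passwd_text, baseline, audit_text):
    """New accounts with no matching ADD_USER record (e.g. added via vipw)."""
    current = passwd_accounts(passwd_text)
    return sorted(current - set(baseline) - audited_accounts(audit_text))


if __name__ == "__main__":
    for name in unaudited_accounts(PASSWD, BASELINE, AUDIT):
        print("no ADD_USER record for new account:", name)
```

For accounts stored in LDAP, the same comparison would need the directory's entries as input instead of /etc/passwd.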