Jesse Keating píše v Ne 07. 12. 2008 v 09:11 -0800: > On Sun, 2008-12-07 at 17:00 +0000, Miloslav Trmač wrote: > > More exactly, it is "after admins stop playing nice, all bets are off". > > The system is supposed to audit all attempts to violate the security > > policy up to the first successful violation, > > But only through pre-approved interfaces... what if the admin doesn't > use any of those for their first attempts? (why would an admin use any > of those?) Nobody can prevent you from configuring the system in a way that doesn't allow auditing, nor from doing other unexpected - whether useful or stupid - things. But you can choose to configure the system in a way that makes audit useful. (The lower-level attacks like direct modification of /etc/shadow are audited as well, but as attacks "against the file", not "against a specific user". In either case the event and the administrator are identified.) Mirek -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
