On Thursday 15 May 2008 10:41:30 Matthias Clasen wrote:
> On Thu, 2008-05-15 at 09:59 -0400, Steve Grubb wrote:
> > > Either make the audit system cope with userspace parts coming later, or
> > > if starting auditd first is really a hard requirement, implement that
> > > in a way that doesn't require mailing list reminders ?
> >
> > I have it as low in init priority as I can get it. It even starts before
> > rsyslog. If a graphical boot does not honor the settings in the init
> > scripts, what am I supposed to do? Is there another directory that I need
> > to drop a file into that gets picked up by the boot sequence?
>
> Out of interest, does that mean that unlocking an encrypted disk leaves
> no audit trail ?

This is completely unaudited. It probably should be audited, but I'd need to
know more about it to see if it's done before the kernel is running or after.
If it's before, there's not a lot you can do except slow down the number of
attempts and render the machine unusable by refusing to accept any more
passphrases. If it's after the kernel is running, then yes, an audit event
should be sent into the kernel.

-Steve