On Thu, 5 Aug 2004 04:48, david colbert <davidecolbert@xxxxxxxxx> wrote:
> Does anyone out there have policy config files that
> bring a Fedora Core 2 system into compliance with
> Chapter 8 of Defense Security Service's (DSS) National
> Industrial Security Program Operating Manual (NISPOM)?

Firstly a disclaimer, I have not read that document, so don't take my comments
to mean anything in regard to it.

> The gist of my problem is that I need to get more
> strict access and auditing of any attempted access to
> system files by non-root users. I am trying to get
> selinux to log every failed attempt of every non-root
> user to r/w/x all system files. I can get it working

SE Linux is based on the LSM interface which does not permit this. If an
access is rejected by Unix permissions then LSM is not called and therefore
SE Linux does not even get informed about the access attempt. It's only if
you have Unix permissions be extremely permissive that SE Linux could audit
all failed accesses.

> general_file_read_access(sysadmin_t)
> general_file_write_access(sysadmin_t)
> general_domain_access(sysadmin_t)

Probably you meant to use sysadm_t not sysadmin_t.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
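
A simplified model of the check ordering described in the reply above, added here as an example; it is not part of the original message and is not kernel or SE Linux code. The policy table, labels, uids and file modes are constructed assumptions, and the model treats uid 0 as bypassing the mode bits.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits, as in Unix mode triplets

@dataclass
class File:
    path: str
    owner: int
    group: int
    mode: int   # Unix mode bits, e.g. 0o600
    label: str  # SELinux type (constructed for this model)

@dataclass
class Proc:
    uid: int
    gid: int
    domain: str  # SELinux domain (constructed for this model)

def dac_allows(p, f, want):
    """Unix permission check; simplified: uid 0 bypasses the mode bits."""
    if p.uid == 0:
        return True
    shift = 6 if p.uid == f.owner else 3 if p.gid == f.group else 0
    return ((f.mode >> shift) & 7 & want) == want

def access(p, f, want, policy, avc_log):
    """Return True if access is granted; append to avc_log on an SELinux denial."""
    if not dac_allows(p, f, want):
        return False  # rejected by Unix permissions: LSM hook is never reached
    if (policy.get((p.domain, f.label), 0) & want) != want:
        avc_log.append(f"avc: denied {p.domain} {f.label} {f.path} want={want}")
        return False
    return True

def run_demo():
    policy = {("user_t", "etc_t"): R}  # constructed policy: user_t may read etc_t only
    user = Proc(uid=1000, gid=1000, domain="user_t")
    strict = File("/etc/shadow", 0, 0, 0o600, "shadow_t")
    loose = File("/etc/shadow", 0, 0, 0o666, "shadow_t")  # permissive Unix mode
    passwd = File("/etc/passwd", 0, 0, 0o644, "etc_t")
    log = []
    results = [
        access(user, strict, R, policy, log),  # DAC denies, nothing logged
        access(user, passwd, W, policy, log),  # DAC denies, nothing logged
        access(user, loose, R, policy, log),   # DAC allows, SELinux denies and logs
        access(user, passwd, R, policy, log),  # both allow
    ]
    return results, log

if __name__ == "__main__":
    print(run_demo())
```

Of the three failed attempts in the constructed run, only the one against the permissively moded file produces a log entry.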