On Wed, 2004-10-13 at 15:16 -0700, Kevin Degnan wrote: > an easy way to configure SELinux (or another > tool) to audit these files and record unsuccessful > access attempts? SELinux is only consulted *after* the normal DAC checks. So unless you're willing to give /etc/passwd world-readable DAC permissions, it won't work. However, the new auditing infrastructure may be able to help: http://people.redhat.com/faith/audit/ Maybe Rik or someone else who knows more about it can comment...
