Hi David, On Fri, 4 Aug 2006 10:07:43 +1000 "David O'Brien" <daobrien@xxxxxxxxxx> wrote: > top post... > > Stuart, > I'm following this thread with interest, as I'm in the process of > updating the RHEL5 documentation for Security and SELinux and I'm > looking especially for Use Cases/real world scenarios (rather than > fabricated implementations). I'm especially interested in getting > community input for this. > > If I'm reading this correctly, this could be a "Using SELinux to > perform self-auditing" (or whatever) topic, including why you would > do that, why SELinux is a good way to do it, and then *how* to do it > exactly, with expected results, possible variations, and some > troubleshooting, perhaps. Also some material on how/what *not* to do. I would be more then interested in helping with this documentation or the reason why we are doing this. Our company is an E-commerce firm that deals with the issue of protecting the integrity of the card holder environment for the purpose of PCI audits. http://www.secpay.com/secpay/index.php/content/view/full/267.html https://sdp.mastercardintl.com/pdf/pcd_manual.pdf As it now has become more rigorous of certification(formally Visa AIS) to achieve and is mandatory for us to continue transacting one of the main issues of the standard we are faced with is section 10.5.x which previously we have passed based on sudo logging to a central syslog server. As mentioned previously its not because we have untrusted root users, its that we have to prove to a third party auditor that we can create a forensic security trail of a user actions. We have looked into other software such as symark powerbroker, which indeed does what we need, although it is logging soley in userspace, but the fact that it is not opensource software and has a hefty price tag we would rather look at selinux / auditing. > > How do you feel about getting involved in this? I'm a writer, not an > SELinux expert, so I'm relying on input from others for the techie > bits. > > Further, if you're aware of documentation that's wrong or hard to > follow, let me know or file a bug > (https://bugzilla.redhat.com/bugzilla/index.cgi). > > cheers > David > Regards, Stuart James -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list