Re: monitor remote rpm database

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 29, 2004 at 08:18:41PM +0530, Mulley, Nikhil wrote:
> But how it can be spoofed , as  I see that no user has write
> permissions on /var/lib/rpm Hmmmm. I know you are taking about local
> sudo users who can have anything with the system ...  but what is the
> necessary change that you would suggest at /etc/sudoers file so that
> no one except genuine root has write permissions on to these files 

If you don't trust the users, the sudoers file should not allow the
users to get a root shell - they should be restricted to very specific
procedures that you have audited to make sure they can't do anything
they're not supposed to do.

If you're after security auditing, the rpm database is not the right
place.  If your system has been penetrated and a bad guy has taken over
your system, the rpm database is likely one of the priorities for hiding
his/her tracks.

If you really need a security audit as to what changes have happened on
the system, look at something like tripwire instead.  If rpm database
listings are good enough, then rpm is certainly much simpler to work
with.

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux