On Thursday, July 21, 2016 11:48:04 AM EDT Ondrej Moris wrote:
Hi, I noticed that in 2.6.5 /var/log/audit permission were dropped
from
750 to 600.
The directory should be 0750 or 0700 depending on your config. 0600 would be a
mistake.
I am fine with that but while I see the motivation [1], I
just cannot find where is that happening in the code.
https://fedorahosted.org/audit/browser/trunk/src/auditd-event.c#L886
Besides, specfile
still contains:
%attr(750,root,root) %dir %{_var}/log/audit
Maybe I should take the attr away or modify it to (-,root,-). The group can
change. For example, I have wheel allowed to run audit reports on my system.
and hence 'rpm -V audit' obviously fails.
Yeah. Hmm.
-Steve