Re: auditing procmail?
--- Valdis.Kletnieks(a)vt.edu wrote:
Anybody have any good ideas on what should happen
for auditing and loginuid
when Sendmail invokes procmail as a delivery agent,
and we're running
essentially arbitrary code as the user from their
.procmailrc? My gut
feeling is that this *should* act just like a cron
job for auditing
purposes, but the sendmail/procmail interface isn't
in the least PAM-ified,
so we can't just toss in a 'session required
pam_audit.so'...
Since the user can define what goes into the
.procmailrc and since whatever is specified runs
as the user the audit should identify the user
and be treated as a user session. In the days
before delivery agents we still had to deal with
"vacation", and audit that appropriately.
=====
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail