The original idea was to prevent the user from opening the file in any text or hex editor and changing the file or the file's allowed operations, which would be stored in the file itself. However, if we can capture the open call we may not need the encryption after all. All of this is just a proof of concept. It will need to be refined much more before we do the actual implementation, which is why I'm here to get these comments and ideas from the community. :) We do not want to reinvent the wheel, but the permissions need to go beyond the basic read-write-exec, since engineers will need to modify the source code files but we may not want them to copy them to a USB drive or email them, and we want the permissions to be in place across platforms.
SELinux can do this using policy (MLS policy specifically) and of course auditing. The idea is that you can label a file to be Secret. To access this file the user must be at Secret. When at Secret they can only write at Secret, so even if they change permissions or copy the data, it will still be at Secret and only users allowed Secret access can see these files. You can then define at what level a USB device is mounted, or what level the email system runs at, so that Secret data cannot be written to the device or sent through email. This is a greatly simplified explanation of MLS and more detail is probably outside the scope of the audit list. You might try looking at the lspp-redhat list <http://www.redhat.com/mailman/listinfo/redhat-lspp>, or the Fedora MLS wiki <http://www.fedoraproject.org/wiki/SELinux/FedoraMLSHowto>.
The above is of course specific to MLS systems (SELinux, Trusted Solaris, HP-UX 10.26 and several others), so it isn't really cross platform in the way you probably want. Still, it might give you a place to start so you don't reinvent the wheel.
>
> You'd have to modify OpenOffice to decrypt and re-encrypt documents, right?
The idea was that we would capture the writes and the data and then encrypt it ourselves so OO would not need to care.
In an MLS system OO should not care either.
Evan
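A toy model of the labelling rules Evan describes, added here as an example; it is not code from the thread and not SELinux's own policy engine. It parses levels written in SELinux MLS notation (a sensitivity plus optional categories, e.g. `s2:c0.c3`), implements dominance, and applies the simplified rules from the message: a subject may read an object whose level it dominates, and may write only at its own current level. The users, file and mount levels in `walkthrough()` are constructed to show why copying a Secret source file to a USB mount or mail spool labelled at a lower level is refused regardless of DAC permissions. Real SELinux MLS constraints are richer than this (they are expressed per permission in `mlsconstrain` rules), so treat the two checks as the message's simplification, not the policy's exact semantics.

```python
"""Toy Bell-LaPadula style model of SELinux MLS levels (constructed example)."""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Level:
    """An MLS level: a sensitivity s<N> plus a set of categories c<N>."""
    sensitivity: int
    categories: frozenset

    @classmethod
    def parse(cls, text):
        # Accepts "s2", "s2:c0.c3" (range) or "s2:c0,c3.c5" (list of ranges).
        m = re.fullmatch(r"s(\d+)(?::(.+))?", text.strip())
        if not m:
            raise ValueError(f"bad MLS level: {text!r}")
        cats = set()
        if m.group(2):
            for part in m.group(2).split(","):
                r = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
                if not r:
                    raise ValueError(f"bad category spec: {part!r}")
                lo = int(r.group(1))
                hi = int(r.group(2)) if r.group(2) else lo
                if hi < lo:
                    raise ValueError(f"inverted category range: {part!r}")
                cats.update(range(lo, hi + 1))
        return cls(int(m.group(1)), frozenset(cats))

    def dominates(self, other):
        # Dominance: higher-or-equal sensitivity and a superset of categories.
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)


def can_read(subject, obj):
    """Simplified 'read down': subject level must dominate the object level."""
    return subject.dominates(obj)


def can_write(subject, obj):
    """Simplified 'write at your own level' rule from the message:
    a subject at Secret writes only to objects labelled Secret."""
    return subject == obj


def decision(subject_level, object_level, op):
    """Return 'allowed' or 'denied' for op in {'read', 'write'}."""
    s, o = Level.parse(subject_level), Level.parse(object_level)
    if op == "read":
        ok = can_read(s, o)
    elif op == "write":
        ok = can_write(s, o)
    else:
        raise ValueError(f"unknown op: {op!r}")
    return "allowed" if ok else "denied"


def walkthrough():
    """Constructed scenario: an engineer working at Secret (s2) with project
    categories c0-c3, a source tree at the same level, a USB mount and a mail
    spool deliberately labelled at s0, and a contractor cleared only to s1."""
    engineer = "s2:c0.c3"
    source_file = "s2:c0.c3"
    usb_mount = "s0"
    mail_spool = "s0"
    public_doc = "s0"
    contractor = "s1:c0.c3"
    return {
        "engineer edits source": decision(engineer, source_file, "write"),
        "engineer reads source": decision(engineer, source_file, "read"),
        "engineer copies source to usb": decision(engineer, usb_mount, "write"),
        "engineer mails source": decision(engineer, mail_spool, "write"),
        "engineer reads public doc": decision(engineer, public_doc, "read"),
        "contractor reads source": decision(contractor, source_file, "read"),
    }


if __name__ == "__main__":
    for action, verdict in walkthrough().items():
        print(f"{action:32s} {verdict}")
```

The point the walkthrough makes is the one in the message: the engineer can read and edit the source at Secret, and changing DAC bits or running `cp` does not change the outcome, because the sink (USB mount, mail spool) carries a lower label and the write check is made on labels, not on ownership.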