Re: User Account Lifecycle Auditing Specification
On Sep 15, 2014, at 5:21 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
Hello,
Recently I run across a problem where the events being sent by a program that
enrolls users and groups was found to be not sending the right events. Some of
the events were correct, some were wrong. In wanting to correct this problem
(and write verification suites later) I thought it might be nice to have some
specifications written up so that there is a common understanding that may be
referred to. This will allow correction of misbehaving programs and people to
better understand what this handful of events mean in a larger context.
The document was added to the audit project page. A direct link can be found
here:
http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt
I would appreciate feedback and/or comments. I will also try to write up a
couple other areas that need some clarification in the near future.
-Steve
Thanks for putting this together!
“The creation of a group mapping by adding a line to /etc/group should results in the
creation of an AUDIT_ADD_GROUP event.” sounds weird. Perhaps you mean "The creation
of a group mapping by adding a line to /etc/group should result in the creation of an
AUDIT_ADD_GROUP event.”
"This will also allow for test suites to be created to spot problems with thsi common
understanding of how the system should behave so that apps are corrected.” has a typo.
Should be "This will also allow for test suites to be created to spot problems with
this common understanding of how the system should behave so that apps are corrected.”
Thanks,
-josh