On Tuesday 20 February 2007 16:29:25 Matthew Booth wrote:
> I needed a way to exclude a very large class of audit traffic [1] in
> RHEL 4. It occurred to me that if I could launch a process and give it
> the auid of a dedicated user, I could easily filter it out along with
> all child processes. With this in mind I wrote the attached simple
> wrapper round the audit_setloginuid. It sets its own auid to whatever
> you give it, then execs a command.

In general, I don't like the theory that this operates under. It could be
abused and then the audit trail coerced. Could you not achieve this by making
the apps set gid and filtering on the group?
-Steve