Re: Auditing File Changes
On Mon, Jul 10, 2006 at 04:51:31PM -0400, Valdis.Kletnieks(a)vt.edu wrote:
And "comparing trusted accesses to total accesses" is quite
possibly flawed as
well - I've lost count of times that the audit trail has clearly said that a
"trusted program" did something, and the *actual* security issue was the user
went to the bathroom and a locking screensaver wasn't engaged, allowing
somebody else to run the program surreptitiously....
That one is easy to fix by including a current webcam picture of the user
in each audit record in addition to the auid ;-)
-Klaus