On Sep 15, 2014, at 5:21 PM, Steve Grubb <sgrubb(a)redhat.com&gt; wrote: > Recently I run across a problem where the events being sent by a program > that enrolls users and groups was found to be not sending the right > events. Some of the events were correct, some were wrong. In wanting to > correct this problem (and write verification suites later) I thought it > might be nice to have some specifications written up so that there is a > common understanding that may be referred to. This will allow correction > of misbehaving programs and people to better understand what this handful > of events mean in a larger context. > > The document was added to the audit project page. A direct link can be > found here: > > http://people.redhat.com/sgrubb/audit/user-account-lifecycle.txt > > I would appreciate feedback and/or comments. I will also try to write up a > couple other areas that need some clarification in the near future. Thanks for putting this together! “The creation of a group mapping by adding a line to /etc/group should results in the creation of an AUDIT_ADD_GROUP event.” sounds weird. Perhaps you mean "The creation of a group mapping by adding a line to /etc/group should result in the creation of an AUDIT_ADD_GROUP event.”

"This will also allow for test suites to be created to spot problems with thsi common understanding of how the system should behave so that apps are corrected.” has a typo. Should be "This will also allow for test suites to be created to spot problems with this common understanding of how the system should behave so that apps are corrected.”