> * frm crispinat_private "07/24/01 23:37:30 -0700" | sed '1,$s/^/* /'
> *
> * weird. If the system is so critical, then why is IDS configured to only
> * bitch about MAC violations? If it is because alarming at DAC violations
> * is too noisy, then why do so many people do so much work on a system that
> * is so critical? It just doesn't make sense.

Sometimes the DAC violations are noisy, and not directly due to the overt acts of the people on the machine. There have been apps that are coded in such a way as to cause many, many DAC audit entries. One shell comes to mind that on each command-line interpretation, caused many DAC violations in its search.

It's not reasonable to change all the apps on a system just to make your audit trail smaller. Having such an app doesn't make the machine less useful or trustworthy, but it does impact on the manner in which DAC rules are filtered.

--steve kramer

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 08:12:31 PDT