[kmf-discuss] restart of PSARC/2006/283 Certificate & PKCS#11 PAM module
Bart Smaalders
bart.smaalders at Sun.COM
Wed Mar 26 10:48:32 PDT 2008
Wyllys Ingersoll wrote:
>>> Other lesser concerns include:
>>> * The spec's frequent use of "A user" for performing configuration.
>>> * The introduction of new /etc files that seem security relevant
>>> with no auditable administrative interface. (See the Solaris
>>> Audit policy:
>>> http://opensolaris.org/os/community/arc/policies/audit-policy/)
>>>
>
> Is it common that we impose our auditing policies on all open source
> based projects for administering configuration files? We have lots of
> configuration files that have security implications that do not have
> auditable admin interfaces - ssh_config, sshd_config, krb5.conf,
> kdc.conf, just to name a few.

Gary -

How does a project satisfy this requirement? Suppose my project
"foo" introduces a new file in /etc that is deemed to be security
related. Besides the facilities already provided by Solaris auditing,
what additional work should I do to track edits by vi, vim, etc?

- Bart
--
Bart Smaalders Solaris Kernel Performance
barts at cyber.eng.sun.com http://blogs.sun.com/barts
"You will contribute more with mercurial than with thunderbird."