[rsbac] Logging besides syslog
Amon Ott
ao at rsbac.org
Mon Mar 8 14:37:51 CET 2004
On Monday, 8 March 2004 14:22, Charles Miller wrote:
> I've read in the documentation that there is some kernel level logging that
> takes place when actions are denied by rsbac. I've seen mention of some
> circular kernel buffer. I've noticed these logs in /var/log/messages, but
> wonder where else I can see these logs, as the security officer. (For
> example, root can access /var/log/messages, can I have these show up
> somewhere root can't see them). Where is this configured in rsbac? TIA.
You must enable "RSBAC own logging" in the kernel config, then the buffer will
appear as /proc/rsbac-info/rmsg. This logging source is by default only
accessible for the system roles "security officer" and "auditor"; "system
role" is set for user 400.
You can use the rsbac-klogd from the admin tools to write it all to disk.
The rklogd will setuid to 400 (or optionally another id) first.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22