[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Write permission
- Subject: [ale] Write permission
- From: vernard at gmail.com (Vernard Martin)
- Date: Wed, 25 May 2016 08:20:24 -0400
- In-reply-to: <[email protected]>
- References: <CAEo=5PyZu4UCtzO+VZ2-DLuMEtcDwNt49rN9-iuJ3n6jmgj67w@mail.gmail.com> <CAEo=5PyTQ0BiMSrGMGE5CJNTBRVEhXYJKmp1CWKz9May48AiHQ@mail.gmail.com> <CAEo=5PygpKWi++euyS-FfonnRRmXqo2eKfQUegP0h8dpGh0GYQ@mail.gmail.com> <CAEo=5Pxg-ZLbqLOfiTsK=72QbNX9aj3kA=0onh3qu9=kJGourg@mail.gmail.com> <CAEo=5Pyv6PwpvEqgG8uQ59MLcf=LTV-z3=HzbUVK5WyfSBg=FA@mail.gmail.com> <CAEo=5PyEkZ546xqbKrT0wi2Qm6uy+yab5XbKhQRn=_VNmxLhww@mail.gmail.com> <CAEo=5PyrcPc6HVgJo8kZ1=6iq-4-NZ6gCTXH=N1PLx_5kgrDAA@mail.gmail.com> <CAEo=5PysoPnLiy4LzHyogEwtEby53UR9O7bvMBFYoz+kLgpSSg@mail.gmail.com> <CAEo=5PyghTpdu8ZMiXYRMH-nhpwvTSn+YED7rNRgvm9BCTgzPw@mail.gmail.com> <CAEo=5Px+O=_Gguzbhg8x6nfpEvVkHFUSCTu2TWZUhZaMZ9cYiA@mail.gmail.com> <CAEo=5PxAv_zF5=0+UU9G32yWQkb2OBtm-T1M2S9Do4otY9YWog@mail.gmail.com> <CAEo=5PwLZ2gFwrVw-Ho65CFJ1zC4WGyB+5fRfsuyPqZSc3UAKQ@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
On 5/16/2016 6:18 PM, Jim Kinney wrote:
>
> Happily, this isn't DoD. Just HIPPA. Must strike a balance between
> absolute security (standalone system with no networking in a room with
> armed guards will to shoot on site) and usability (woo! Free-for-all
> and everyone has root - NOT ON MY WATCH!).
>> Either you need security or you don't.
>
> Need security that prevents accidental relocation and makes deliberate
> abuse difficult but most importantly, traceable back to the now
> expelled/fired idiot.
Auditd can be configured to give you enough info to trace who/what is
going on. Add sudo logs to that and you can probably track an offender
quite fast.
Or you can use the crappy EASH package that does all this and is
absurdly old and not supported by the developer anymore. But it *does*
work.
V