Describe the enhancement:

For the file_integrity module, add support for monitoring and reporting changes to the filesystem extended attributes (xattrs) named `security.selinux` and `system.posix_acl_access`. Events will contain the values of these xattrs. If the values change then an event should be reported. Both attributes' values contain a null-terminated string.

Describe a specific use case for the enhancement or feature:

In environments where SELinux is employed, it is useful to monitor file metadata for changes to SELinux labels. A change to labeling can impact security posture.

Similarly, in environments where file ACLs are used (e.g. `getfacl`, `setfacl`), it is useful to monitor for changes to these ACLs (just like it is useful to monitor permissions in the file mode).
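
An added sketch of the comparison this request describes, not code from the file_integrity module: it turns raw values of the two xattrs into event strings and reports which ones differ between two snapshots. The function names `eventValue` and `changedXattrs` are hypothetical, the sample values are constructed, and the ACL decoding assumes the Linux xattr layout for `system.posix_acl_access` (a version header followed by 8-byte entries).

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

var aclTags = map[uint16]string{1: "user:", 2: "user:", 4: "group:", 8: "group:", 0x10: "mask:", 0x20: "other:"}
var rwx = [8]string{"---", "--x", "-w-", "-wx", "r--", "r-x", "rw-", "rwx"}

// eventValue renders a raw xattr value for an event. Assumed ACL layout (Linux):
// little-endian u32 version 2, then 8-byte entries of u16 tag, u16 perm, u32 id.
func eventValue(name string, raw []byte) string {
	if name != "system.posix_acl_access" || len(raw) == 0 {
		return strings.TrimRight(string(raw), "\x00") // security.selinux: drop the trailing NUL
	}
	if len(raw) < 4 || (len(raw)-4)%8 != 0 || binary.LittleEndian.Uint32(raw) != 2 {
		return fmt.Sprintf("undecoded:%x", raw)
	}
	var out []string
	for e := raw[4:]; len(e) > 0; e = e[8:] {
		tag := binary.LittleEndian.Uint16(e)
		entry, known := aclTags[tag]
		if !known {
			return fmt.Sprintf("undecoded:%x", raw)
		}
		if tag == 2 || tag == 8 { // named user/group entries carry a uid/gid
			entry += fmt.Sprint(binary.LittleEndian.Uint32(e[4:]))
		}
		out = append(out, entry+":"+rwx[e[2]&7])
	}
	return strings.Join(out, ",")
}

// changedXattrs reports each monitored attribute whose raw value differs between two snapshots.
func changedXattrs(prev, cur map[string][]byte) (events []string) {
	for _, name := range []string{"security.selinux", "system.posix_acl_access"} {
		if string(prev[name]) != string(cur[name]) {
			events = append(events, name+": "+eventValue(name, prev[name])+" -> "+eventValue(name, cur[name]))
		}
	}
	return events
}

func main() { // constructed samples, shaped like getxattr(2) results; cur gains an ACL
	prev := map[string][]byte{"security.selinux": []byte("system_u:object_r:etc_t:s0\x00")}
	cur := map[string][]byte{"security.selinux": prev["security.selinux"], "system.posix_acl_access": {2, 0, 0, 0, 1, 0, 6, 0, 255, 255, 255, 255, 4, 0, 4, 0, 255, 255, 255, 255, 32, 0, 0, 0, 255, 255, 255, 255}}
	fmt.Println(changedXattrs(prev, cur))
}
```

Comparing the raw bytes and decoding only for display means an unparseable value still produces a change event, reported as hex.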