You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe
If systemd-homed is used directly (i.e. not through PAM) to change security-sensitive settings about the user (most notably the user's authentication methods, but this can also apply to things like account lock status, password expiration, etc) or authenticate the user, no logging is done to the audit log.
To maintain compatibility with existing audit infrastructure, homed should send its own audit events to ensure that security-sensitive events still appear in the audit log
Describe alternatives you've considered
Using PAM, but the API is limited and it defeats the purpose of auditing if an attacker can bypass it by talking to homed directly
The systemd version you checked that didn't have the feature you are asking for
v256 (git)
The text was updated successfully, but these errors were encountered:
I mean, audit events are fine if people care, but outside of some very conservative corporate deployments they really don't matter. hence, I'd really not bother, and let the Redhats of this world eventually send a patch if they care and it becomes relevant, noone else needs this stuff.
note that for sysusers.d/ we don't generate audit events either, and so far not even rh cared much.
Component
systemd-homed
Is your feature request related to a problem? Please describe
If systemd-homed is used directly (i.e. not through PAM) to change security-sensitive settings about the user (most notably the user's authentication methods, but this can also apply to things like account lock status, password expiration, etc) or authenticate the user, no logging is done to the audit log.
Most important is sending audit events about password changes, because soon GNOME Settings will support changing homed passwords by talking to homed directly
Describe the solution you'd like
To maintain compatibility with existing audit infrastructure, homed should send its own audit events to ensure that security-sensitive events still appear in the audit log
Describe alternatives you've considered
Using PAM, but the API is limited and it defeats the purpose of auditing if an attacker can bypass it by talking to homed directly
The systemd version you checked that didn't have the feature you are asking for
v256 (git)
The text was updated successfully, but these errors were encountered: