[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: securing/monitoring Debian devel environment

On Thu, Dec 30, 2010 at 11:58 PM, Christian Kastner <debian@kvr.at> wrote:
> to package-build-audit *only* is a pain. For example, it is easy to
> monitor *all* access to /etc/shadow or changes to /bin/login, it is
> quite hard to limit the monitoring to a *process tree* (our building
> process).

Does the build process run as root? If so, I think it shouldn't. If
not, it can't read /etc/shadow.
About elevation via sudo: don't enable/use ssh/sudo/etc from the
account you use to build.


Reply to: