ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.
https://ctc-oss.github.io/fapolicy-analyzer
GNU General Public License v3.0

Analyze stale logs #744

Open jw3 opened 1 year ago

jw3 commented 1 year ago

Consider how analysis can be performed on stale logs. Logs can be made stale any time the system is updated.

  1. User encounters denials on an application just before COB on Tuesday
  2. Sends email, but Administrator has already left for the day
  3. System security patches are automatically applied overnight
  4. Wednesday the administrator analyzes the log
  5. The security patches have modified the trust database, obfuscating the findings in the analysis

See