Samsung/nice-lad

Name: nice-lad

Owner: Samsung

Description: A tool to log privilege denials (cases when an application wants access to a resource, but the security policy disallows it).

Created: 2015-05-26 04:51:15.0

Updated: 2016-05-15 14:08:01.0

Pushed: 2015-12-17 11:55:00.0

Homepage: null

Size: 192

Language: C++

README

nice-lad

Introduction

Narcissistic, Incredible, Completely Exceptional Logger of Access Denials

Project goals

Nice-lad is a tool to collect and aggregate logs of access denials in the system. The data sources are audit messages from DAC, Smack, Cynara and netfilter.

The purpose of nice-lad is to collect and normalize the selected audit logs and make them readable by an unprivileged user. This can be helpful when debugging applications that access restricted resources.

Nice-lad works as an audispd plugin.

Project history

Nice-lad was first introduced in July 2015.

Contact information

| Name | E-mail | Function |
|-----------------|--------------------|-----------------------|
| Aleksander Zdyb | a.zdyb@samsung.com | Developer, Maintainer |

Sources

Nice-lad can be obtained from the following equivalent places:

Features

Nice-lad, as an audisp plugin, is fed with audit events. It parses and filters them to extract and aggregate the information that is useful for logging access denials.

At the moment, the supported subsystems are:

Implemented standards

Nice-lad uses:

Running the project

The package consists of the following files (note that the exact paths are system-dependent):

Provided the above config file is present in the audisp plugins directory, nice-lad is automagically activated when the auditing service is run. To disable nice-lad while keeping audit running, edit the config so that it contains “active = no”.

Reading the logs

Nice-lad will log access denials to journald (if available) or syslog at informational level. Below are some examples:

10 10:11:04 HOSTNAME nice-lad: ACCESS DENIED ON SYSCALL syscall=open filename=/tmp/test exit=-13(Permission denied) gid=unknown(1234) object=test subject=_
10 10:11:09 HOSTNAME nice-lad: ACCESS DENIED ON SMACK object="test" subject="_" access=r
10 10:11:26 HOSTNAME nice-lad: ACCESS DENIED ON CYNARA client="test_client" user="test_user" privilege="http://tizen.org/privilege/account.read"
10 10:11:51 HOSTNAME nice-lad: ACCESS DENIED ON NETFILTER obj=User outif=eth0 proto=tcp saddr=10.0.2.16 sport=54460 daddr=198.145.20.7 dport=443
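
For triage, the records above can be split into a subsystem and key=value fields. The following parser is an added example, not part of nice-lad; its field grammar (double-quoted values, and bare values with an optional parenthesised annotation such as `-13(Permission denied)`) is an assumption inferred from the four sample lines only, and the names `parse_denial` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: the four example lines from the README section above.
SAMPLE_LOG = '''\
10 10:11:04 HOSTNAME nice-lad: ACCESS DENIED ON SYSCALL syscall=open filename=/tmp/test exit=-13(Permission denied) gid=unknown(1234) object=test subject=_
10 10:11:09 HOSTNAME nice-lad: ACCESS DENIED ON SMACK object="test" subject="_" access=r
10 10:11:26 HOSTNAME nice-lad: ACCESS DENIED ON CYNARA client="test_client" user="test_user" privilege="http://tizen.org/privilege/account.read"
10 10:11:51 HOSTNAME nice-lad: ACCESS DENIED ON NETFILTER obj=User outif=eth0 proto=tcp saddr=10.0.2.16 sport=54460 daddr=198.145.20.7 dport=443
'''

# Assumption: record layout inferred from the examples, not from nice-lad's source.
HEADER = re.compile(r"nice-lad: ACCESS DENIED ON (?P<subsystem>[A-Z]+)(?P<fields>.*)$")
# A value is either double-quoted, or a bare token optionally followed by a
# parenthesised annotation that may itself contain spaces.
FIELD = re.compile(r'(?P<key>\w+)=(?P<value>"[^"]*"|[^\s(]*(?:\([^)]*\))?)')


def parse_denial(line):
    """Return {'subsystem': str, 'fields': dict}, or None for unrelated lines."""
    header = HEADER.search(line)
    if header is None:
        return None
    fields = {}
    for match in FIELD.finditer(header.group("fields")):
        value = match.group("value")
        if value.startswith('"'):
            value = value[1:-1]  # drop the surrounding quotes
        fields[match.group("key")] = value
    return {"subsystem": header.group("subsystem"), "fields": fields}


def summarize(text):
    """Count denials per subsystem, skipping lines from other programs."""
    records = (parse_denial(line) for line in text.splitlines())
    return Counter(r["subsystem"] for r in records if r is not None)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse_denial(line))
    print(summarize(SAMPLE_LOG))
```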

Testing

Nice-lad comes with a set of unit tests written with gmock. When adding new features or fixing bugs, please add or update tests.
