Skip to content
/ nice-lad Public

A tool to log privilege denials (cases when application wants to have access to a resource, but security policy disallows it).

License

Apache-2.0 license
3 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Samsung/nice-lad

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
conf
conf
 
 
packaging
packaging
 
 
src
src
 
 
tests
tests
 
 
AUTHORS
AUTHORS
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

nice-lad

Introduction

Narcissistic, Incredible, Completely Exceptional Logger of Access Denials

Project goals

Nice-lad is a tool to collect and aggregate logs of access denials in system. The source of data are audit messages from DAC, Smack, Cynara and netfilter.

The purpose of nice-lad is to collect and normalize the selected audit logs and make them readable by unprivileged user. This might be helpful during debugging applications accessing restricted resources.

Nice-lad works as an audispd plugin.

Project history

Nice-lad was first introduced in July 2015.

Contact information

Name E-mail Function
Aleksander Zdyb [email protected] Developer, Maintainer

Sources

The equivalent places, nice-lad can be obtained from:

Features

Nice-lad, as an audisp plugin, is fed with audit events. It parses and filters them to obtain and aggregate information useful in context of logging of access denials.

At the moment, the supported subsystems are:

  • DAC denials on given groups,
  • Smack denials,
  • Cynara denials,
  • Netfilter denials (supported by Nether).

Implanted standards

Nice-lad uses:

  • libauparse to parse audit events,
  • Security Manager (where available) to obtain resource groups to monitor,
  • journald (where available) or syslog to put aggregated logs.

Running the project

The package consists of following files (note, the exact paths are system-dependent):

  • /etc/audisp/plugins.d/nice_lad.conf,
  • /usr/sbin/nice-lad.

Provided, the above config file is present in audisp plugins directory, nice-lad is automagically activated, when auditing service is run. In order to disable nice-lad, while keeping audit running, one need to edit the config to contain "active = no".

Reading the logs

Nice-lad will log access denials to journald (if available) or syslog with informational level. Below, are some examples:

Jul 10 10:11:04 HOSTNAME nice-lad: ACCESS DENIED ON SYSCALL syscall=open filename=/tmp/test exit=-13(Permission denied) gid=unknown(1234) object=test subject=_
Jul 10 10:11:09 HOSTNAME nice-lad: ACCESS DENIED ON SMACK object="test" subject="_" access=r
Jul 10 10:11:26 HOSTNAME nice-lad: ACCESS DENIED ON CYNARA client="test_client" user="test_user" privilege="http://tizen.org/privilege/account.read"
Jul 10 10:11:51 HOSTNAME nice-lad: ACCESS DENIED ON NETFILTER obj=User outif=eth0 proto=tcp saddr=10.0.2.16 sport=54460 daddr=198.145.20.7 dport=443

Testing

Nice-lad comes with a set of unit tests written in gmock. By adding new features or fixing bugs, please add or update tests.

About

A tool to log privilege denials (cases when application wants to have access to a resource, but security policy disallows it).

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

13 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages