Discussion:
Auditing printing
warron.french
2018-05-01 18:05:36 UTC
Permalink
I have a requirement to monitor two (2) things:

1. Print to file

2. Print to (printer) device


What is the best approach for this? I don't see a syscall that looks
appropriate - but that doesn't mean there is not one.

Would I simply do an audit on the *lpr* command? Or is it another command?

I need the ability to monitor printing to both file and device, *FROM*,
linux shell as well as console or GUI.

Can someone advise me on how to accomplish this please?


Thanks in advance,
--------------------------
Warron French
Steve Grubb
2018-05-01 18:20:04 UTC
Permalink
Post by warron.french
1. Print to file
2. Print to (printer) device
What is the best approach for this?
Cups should be hardwired to audit.

# ldd /usr/sbin/cupsd | grep audit
libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f04f1cfa000)

It's been a long time since I looked at this.

-Steve
Post by warron.french
I don't see a syscall that looks
appropriate - but that doesn't mean there is not one.
Would I simply do an audit on the *lpr* command? Or is it another command?
I need the ability to monitor printing to both file and device, *FROM*,
linux shell as well as console or GUI.
Can someone advise me on how to accomplish this please?
Thanks in advance,
--------------------------
Warron French
warron.french
2018-05-01 18:29:56 UTC
Permalink
OK, so that will cover from CLI as well as something in the gui like
Firefox?

For both printing to a print device as well as to a file?

--------------------------
Warron French
Post by Steve Grubb
Post by warron.french
1. Print to file
2. Print to (printer) device
What is the best approach for this?
Cups should be hardwired to audit.
# ldd /usr/sbin/cupsd | grep audit
libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f04f1cfa000)
It's been a long time since I looked at this.
-Steve
Post by warron.french
I don't see a syscall that looks
appropriate - but that doesn't mean there is not one.
Would I simply do an audit on the *lpr* command? Or is it another
command?
Post by warron.french
I need the ability to monitor printing to both file and device, *FROM*,
linux shell as well as console or GUI.
Can someone advise me on how to accomplish this please?
Thanks in advance,
--------------------------
Warron French
Steve Grubb
2018-05-01 21:53:52 UTC
Permalink
Post by warron.french
OK, so that will cover from CLI as well as something in the gui like
Firefox?
For both printing to a print device as well as to a file?
I haven't looked at this code in a very long time. So, I don't remember how
to enable it to test it. But it should have full coverage to meet export
requirements for LSPP way back on RHEL 5. The code has been ported all these
years and is supposed to still work.

-Steve
Post by warron.french
Post by Steve Grubb
Post by warron.french
1. Print to file
2. Print to (printer) device
What is the best approach for this?
Cups should be hardwired to audit.
# ldd /usr/sbin/cupsd | grep audit
libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f04f1cfa000)
It's been a long time since I looked at this.
-Steve
Post by warron.french
I don't see a syscall that looks
appropriate - but that doesn't mean there is not one.
Would I simply do an audit on the *lpr* command? Or is it another
command?
Post by warron.french
I need the ability to monitor printing to both file and device, *FROM*,
linux shell as well as console or GUI.
Can someone advise me on how to accomplish this please?
Thanks in advance,
--------------------------
Warron French
warron.french
2018-05-01 23:57:33 UTC
Permalink
Thanks for the feedback Steve.

--------------------------
Warron French
Post by Steve Grubb
Post by warron.french
OK, so that will cover from CLI as well as something in the gui like
Firefox?
For both printing to a print device as well as to a file?
I haven't looked at this code in a very long time. So, I don't remember how
to enable it to test it. But it should have full coverage to meet export
requirements for LSPP way back on RHEL 5. The code has been ported all these
years and is supposed to still work.
-Steve
Post by warron.french
Post by Steve Grubb
Post by warron.french
1. Print to file
2. Print to (printer) device
What is the best approach for this?
Cups should be hardwired to audit.
# ldd /usr/sbin/cupsd | grep audit
libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f04f1cfa000)
It's been a long time since I looked at this.
-Steve
Post by warron.french
I don't see a syscall that looks
appropriate - but that doesn't mean there is not one.
Would I simply do an audit on the *lpr* command? Or is it another
command?
Post by warron.french
I need the ability to monitor printing to both file and device,
*FROM*,
Post by warron.french
Post by Steve Grubb
Post by warron.french
linux shell as well as console or GUI.
Can someone advise me on how to accomplish this please?
Thanks in advance,
--------------------------
Warron French
Loading...