Looking into access privileges
To finish off, let's look at how to verify access privileges granted to users. Specifying roles and privileges allows users to do their job, but from a security point of view, it is also important to verify if (and which) users can manipulate certain resources. Auditors will want to have an overview of who is able to, say, manipulate SELinux policies or read private keys.
How to do it…
To properly investigate access rights, the following approach can help in identifying users (and processes) that have the permissions we want to be informed about:
Verify file permissions that are not related to SELinux.
Verify direct access to the resource (such as read rights on private keys).
Look at who (users or applications) has the right to manipulate the SELinux policy.
Check users and domains that are granted direct access to filesystems and raw devices.
See when memory can be accessed directly.
Review who can update authentication files.
Analyze who can boot the system.
