Re: [PATCH] Audit: Add TTY input auditing

From: Alan Cox
Date: Thu Jun 07 2007 - 11:52:41 EST

Next message: Andrew Morton: "Re: 2.6.22-rc4-mm1"
Previous message: David Howells: "Re: [PATCH (trivial)] Fix typo in Documentation/keys.txt"
In reply to: Casey Schaufler: "Re: [PATCH] Audit: Add TTY input auditing"
Next in thread: Steve Grubb: "Re: [PATCH] Audit: Add TTY input auditing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> logging to meet the audit requirements. You have to log what happened.
> Logging what was requested is insufficient and logging what was
> typed, which may or may not have resulted in an actual request is
> not helpful to meeting security audit requirements.

Key information can answer some questions as an additional adjunct, but
all of this really depends whether your security audit requirement is to
impress the monkeys or to protect your systems (or as usually is the case
to protect your system while still impressing a bunch of half-trained 19
year old box tickers on their first outing doing auditing)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: 2.6.22-rc4-mm1"
Previous message: David Howells: "Re: [PATCH (trivial)] Fix typo in Documentation/keys.txt"
In reply to: Casey Schaufler: "Re: [PATCH] Audit: Add TTY input auditing"
Next in thread: Steve Grubb: "Re: [PATCH] Audit: Add TTY input auditing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]