Re: [audit] Upstream solution for auditing file system objects
From: James Morris
Date: Thu Dec 09 2004 - 21:29:23 EST
On Fri, 10 Dec 2004, Timothy Chavez wrote:
> Greetings,
>
> I'm writing this e-mail to facilitate some discussion on an audit
> feature for inclusion to the mainline kernel's audit subsysystem.
Note, there is a mailing list intended for audit discussion at
https://www.redhat.com/archives/linux-audit/
It's been a bit quiet, but it may be useful for detailed discussions.
> 2. Linux Security Module.
As Chris said, LSM is not suitable for CAPP auditing.
> 3. SELinux.
I don't think it's a good idea to tie everyone in to using SELinux.
Audit and SELinux do need to play well together though (and SELinux is
already integrated with some of the existing audit subsystem).
> 4. Audit subsystem.
IMHO we need a distinct Audit subsystem, perhaps even something which can
accomodate different implementations.
> However, the most obvious gain here, is that the subsystem is
> centralized and its intentions are clearer.
Indeed.
- James
--
James Morris
<jmorris@xxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/