RE: EXT :Re: [RFC] Create an audit record of USB specific details

From: Boyce, Kevin P (AS)
Date: Tue Apr 05 2016 - 09:54:18 EST

Next message: Andy Shevchenko: "[PATCH v3 05/10] lib/uuid: remove FSF address"
Previous message: Josh Poimboeuf: "Re: [RFC PATCH v1.9 12/14] livepatch: create per-task consistency model"
In reply to: Greg KH: "Re: EXT :Re: [RFC] Create an audit record of USB specific details"
Next in thread: Greg KH: "Re: EXT :Re: [RFC] Create an audit record of USB specific details"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greg,

> There is no "/proc/usb/" :)

Sorry, maybe /sys/bus/usb/devices was what I was looking for...

> The kernel calls mknod itself on devtmpfs, userspace doesn't do that anymore (hasn't for a long time). Do you get those audit events today?

I'm not auditing those events myself. Just proposing ideas that might produce the sort of information Wade was looking for.

kevin

Next message: Andy Shevchenko: "[PATCH v3 05/10] lib/uuid: remove FSF address"
Previous message: Josh Poimboeuf: "Re: [RFC PATCH v1.9 12/14] livepatch: create per-task consistency model"
In reply to: Greg KH: "Re: EXT :Re: [RFC] Create an audit record of USB specific details"
Next in thread: Greg KH: "Re: EXT :Re: [RFC] Create an audit record of USB specific details"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]