Re: c2 (or c2-like) auditing for Linux

From: Russell Coker (russellat_private)
Date: Sat Jan 25 2003 - 02:08:26 PST

    On Sat, 25 Jan 2003 06:16, Leigh Purdie wrote:
    > G'day Nathan, (All: FYI / Comment)
    >
    > Snare (www.intersectalliance.com/projects/Snare/index.html) is designed
    > to be a C2-style audit capability for Linux, and works on RH7.2 (as well
    > as 7.1, 7.3, and as of last night, 8.0, plus Suse / Mandrake, and Debian
    > Woody+). Snare operates as a kernel module (at present), and so no
    > kernel recompiles are required. There is also a user-space audit daemon,
    > and a configuration/monitoring GUI available as an open-source/free
    > download.
    
    How does it compare with http://secureaudit.sourceforge.net/ ?
    
    How does it interact with SE Linux?  Does it even work alongside SE Linux?  
    Does it support logging of SE data (i.e. security context of the process 
    performing a file access)?
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 02:10:01 PST