Re: c2 (or c2-like) auditing for Linux

From: Russell Coker (russellat_private)
Date: Sat Jan 25 2003 - 02:08:26 PST


    On Sat, 25 Jan 2003 06:16, Leigh Purdie wrote:
    > G'day Nathan, (All: FYI / Comment)
    > Snare ( is designed
    > to be a C2-style audit capability for Linux, and works on RH7.2 (as well
    > as 7.1, 7.3, and as of last night, 8.0, plus Suse / Mandrake, and Debian
    > Woody+). Snare operates as a kernel module (at present), and so no
    > kernel recompiles are required. There is also a user-space audit daemon,
    > and a configuration/monitoring GUI available as an open-source/free
    > download.
    How does it compare with ?
    How does it interact with SE Linux? Does it even work alongside SE Linux?
    Does it support logging of SE data (i.e. the security context of the process
    performing a file access)?
    --
    My NSA Security Enhanced Linux packages
    Bonnie++ hard drive benchmark
    Postal SMTP/POP benchmark
    My home page
