Re: c2 (or c2-like) auditing for Linux

• Previous message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Valdis.Kletnieksat_private: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Valdis.Kletnieksat_private (Valdis.Kletnieksat_private) wrote:
> 
> And I'm perfectly happy with that, because that is a reasonable attitude
> for Linus to take.  Now to figure out what '#ifdef CONFIG_C2_AUDIT' magic
> is needed for that to happen... :)

Might be a lot of magic to successfully handle the entry and exit points
of all audit code paths.  Don't get me wrong, I've felt the experience of
wanting a better audit trail on live systems.  But LSM gets you much of
the way to useful auditing.  It may not be CAPP compliant, but that
doesn't mean it isn't useful.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Previous message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Valdis.Kletnieksat_private: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 22:46:27 PST