Re: c2 (or c2-like) auditing for Linux

From: Chris Wright (chrisat_private)
Date: Wed Jan 29 2003 - 23:49:00 PST

  • Next message: Jesse Pollard: "Re: c2 (or c2-like) auditing for Linux"

    * Crispin Cowan (crispinat_private) wrote:
    > Question for Casey & other Orange Book folk: the above proposal 
    > *assumes* that it is C2 compliant to do checks in this order:
    >    1. error checks (no audit records if they fail)
    >    2. DAC checks (audit records)
    >    3. MAC checks (audit records)
    > Does this assumption hold?
    Dunno 'bout that.  But I believe POSIX.1e Auditing requires recording
    the use of a (POSIX 1 and 1e defined) system interface.
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 23:50:19 PST