Re: c2 (or c2-like) auditing for Linux

From: Chris Wright (chrisat_private)
Date: Wed Jan 29 2003 - 23:49:00 PST

  • Next message: Jesse Pollard: "Re: c2 (or c2-like) auditing for Linux"

    * Crispin Cowan (crispinat_private) wrote:
    > Question for Casey & other Orange Book folk: the above proposal 
    > *assumes* that it is C2 compliant to do checks in this order:
    > 
    >    1. error checks (no audit records if they fail)
    >    2. DAC checks (audit records)
    >    3. MAC checks (audit records)
    > 
    > Does this assumption hold?
    
    Dunno 'bout that.  But I believe POSIX.1e Auditing requires recording
    the use of a (POSIX 1 and 1e defined) system interface.
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 23:50:19 PST