Re: Kernel auditing code reference?
- From: "Stephen J. Smoogen" <smooge gmail com>
- To: "Discussion of Red Hat Enterprise Linux 3 (Taroon)" <taroon-list redhat com>
- Cc: "Red Hat Enterprise Linux 4 \(Nahant\) Discussion List" <nahant-list redhat com>
- Subject: Re: Kernel auditing code reference?
- Date: Thu, 6 Oct 2005 11:47:07 -0600
On 10/5/05, Shaw, Marco <Marco Shaw aliant ca> wrote:
> I'm curious to know what this 'kernel auditing code' is.
>
> I guess it is something recently implemented. I tried
> googling for it, but the only thing coming up is a recent
> denial of service issue.
>
> Apart from going through the source, anyone know of any good
> sites that talk about it?
>
Depending on the version of Enterprise Linux you are using, there are
2 different auditing cores. In Red Hat Enterprise 3 there is LAUS
which was implemented by Rik Faith and some others. In RHEL 4U2 there
is auditd which is another implementation. Both are meant to implement
auditing of objects (was this file opened, was this file closed, did
they have privs, etc) for CAPP and other security regimes.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator