AVC messages

Steve Grubb sgrubb at redhat.com
Wed Jan 5 04:06:31 UTC 2005


Hi,

First, I'd like to say that the current implementation is much further 
developed than the 0.5.6 release. I'm being held up in releasing new code, 
temporarily. Hopefully that will be resolved soon.

On Tuesday 04 January 2005 22:33, Linux wrote:
> Current auditd implementation does not have interfaces to pass audit log
> messages to other filter. 

This is true for 0.5.6. I have started a little work for passing messages 
along via dbus. If you have other ideas, say so.

> It seems it is becoming a bit complicated, a big 
> monolithic binary, I'd like to request to modify auditd to add APIs that
> loading filter plug-in's and pass audit log messages to them.

Hopefully not. I'm adding the basic functionality that's demanded of any audit 
daemon. Its not even 18K in size so it can't be big and monolithic. :)

> I can contribute some of my work if it is interesting to the author.

Yes, I'm interested. Post some patches or contact me offlist. Maybe I can put 
some things into the next release.

-Steve Grubb




More information about the Linux-audit mailing list