audit 0.6 release

Steve Grubb sgrubb at redhat.com
Fri Jan 7 01:40:28 UTC 2005


On Thursday 06 January 2005 17:30, Casey Schaufler wrote:
> If you haven't read the current
> project design it might be a good idea to do so.

I think he was asking for a clue as to what the auditctl syntax might be. 
While all of this discussion is good background information, I don't think it 
helps the immediate problem.

There has to be a way for people to easily do this or we need to fix the 
framework. Leigh's right...this does go back to the vfs discussion. FWIW, 
this is the code for the rule matcher so you can get an idea of what its 
current capabilities are:

http://lxr.linux.no/source/kernel/auditsc.c?v=2.6.8.1#L288

So I think the correct answer for Tom is that people are working on providing 
the kernel pieces to make this work? The audit framework is still a work in 
progress. Both the kernel side and user space side.

-Steve Grubb



