[RFC] linux-2.6.10-auditfs-tc1.patch

Casey Schaufler casey at schaufler-ca.com
Sat Jan 22 01:19:16 UTC 2005


--- Steve Grubb <sgrubb at redhat.com> wrote:
 
> Based on previous discussions, I think this would be
> required for LSPP. If we 
> are going for LSPP after meeting CAPP, it wouldn't
> be bad to start getting 
> some things in place.

Capabilities are fun in a CAPP environment, too.
The Irix CAPP system (for example) uses
capabilities and yes, they go in the audit trail
along with an indication of which capabilities were
required to perform the action, if any.

This is probably a bit late in the discussion,
but have y'all considered using a tokenized audit
record format? If you did you wouldn't have to
care if any given bit of information was there
just yet, or allocate a place for things that
might or might not be there someday. Both Solaris
and Irix use tokenized schemes to effect.


=====
Casey Schaufler
casey at schaufler-ca.com
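
The tokenized record idea raised in the message above, as an added C example that is not part of the original message and is not Solaris, Irix or Linux audit code: a reader that walks type/length/value tokens, tolerates tokens that are absent or unknown to it, and rejects truncated ones. The token numbers, the one-byte type and length layout, and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical token types; not Solaris, Irix or Linux audit values. */
enum { TOK_SYSCALL = 1, TOK_UID = 2, TOK_CAPS_USED = 3 };

struct audit_view {
    uint32_t val[4];    /* decoded value, indexed by token type */
    unsigned present;   /* bit (1u << type) set for each known token seen */
    unsigned skipped;   /* well-formed tokens this reader does not know */
};

/* Constructed sample record: syscall=59, uid=1000, an unknown token (type 9),
 * then caps_used=0x20. Each token is type, length, little-endian value. */
static const uint8_t sample[] = {
    TOK_SYSCALL, 4, 59, 0, 0, 0,
    TOK_UID, 4, 0xe8, 0x03, 0, 0,
    9, 3, 'l', 'b', 'l',
    TOK_CAPS_USED, 4, 0x20, 0, 0, 0,
};

/* Walk a record token by token. Returns 0 on success, -1 if a token runs
 * past the end of the record or a known token has an unexpected length. */
int parse_record(const uint8_t *rec, size_t n, struct audit_view *out)
{
    size_t off = 0;
    memset(out, 0, sizeof(*out));
    while (off < n) {
        if (n - off < 2)
            return -1;                  /* truncated token header */
        uint8_t type = rec[off], len = rec[off + 1];
        const uint8_t *v = rec + off + 2;
        if (n - off - 2 < len)
            return -1;                  /* value runs past the record */
        if (type >= TOK_SYSCALL && type <= TOK_CAPS_USED) {
            if (len != 4)
                return -1;              /* known token, wrong size */
            out->val[type] = v[0] | v[1] << 8 | v[2] << 16 | (uint32_t)v[3] << 24;
            out->present |= 1u << type;
        } else {
            out->skipped++;             /* unknown token: step over it */
        }
        off += 2 + (size_t)len;
    }
    return 0;
}

int main(void) { struct audit_view a; return parse_record(sample, sizeof(sample), &a) ? 1 : 0; }
```

A record that stops after the first two tokens still parses, with the capabilities bit simply unset in `present`, which is the property the message describes.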
