[RFC][PATCH] (#2) Prelim in-kernel file system auditing support
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Jan 25 17:58:32 UTC 2005
On Tue, 25 Jan 2005 09:40:00 PST, Casey Schaufler said:
> What are the implications regarding a chroot
> environment? I can imagine (although it strikes
> me as somewhat insane) an admin wanting to audit
> everything that goes on in a chroot environment,
> say for a honeypot. The watching would have to
> be enabled from outside. Not a bad thing, but is
> it what you want?
Well, from where I'm sitting, *if* you buy into the idea of
a honeypot as being sane, you *definitely* want to be able
to enable auditing from "outside".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050125/46fd72ec/attachment.sig>
More information about the Linux-audit
mailing list