[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH 0/3][REVISED] CAPP-compliant file system auditing



linux-audit-bounces redhat com wrote on 03/31/2005 04:46:29 PM:

> .:: Introduction ::.
> 
> The audit subsystem is currently incapable of auditing a file system 
object 
> based on its location and name.  This is critical for auditing 
well-defined 
> and security-relevant files such as /etc/shadow, where auditing on inode 
and 
> device is fallible.  This patch adds the necessary functionality to the 
audit 
> subsystem and VFS to support file system auditing in which an object is 
> audited based on its location and name.
> 
> The patch is split in two.
> 
> The first patch is the implementation of file system auditing.  The 
> bulk of it 
> resides in kernel/auditfs.c.  It is accompanied by a functional overview 
of 
> the design in the next message.
> 
> The second patch consists of file system hooks.  I anticipate some 
discussion 
> with regards to them and wanted to provide some context around their 
> placements and purpose.
> 
> ----
> 
> There... is that succinct enough?

Yes, much much better. consice, clear and to the point. 
You might say it is succinct. 

> 
> 
> -tim
> 
> --
> Linux-audit mailing list
> Linux-audit redhat com
> http://www.redhat.com/mailman/listinfo/linux-audit


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]