NetLabel audit messages
Steve Grubb
sgrubb at redhat.com
Fri Sep 22 18:06:04 UTC 2006
On Friday 22 September 2006 13:38, Paul Moore wrote:
> In order to meet certain certification requirements, the NetLabel kernel
> subsystem needs to write a small number of audit messages.
What are the requirements you are addressing? (I have a feeling that it's
similar to what we have to do to file systems.)
> For the messages themselves, here is what I was thinking:
>
> "netlabel: <protocol> op=<operation> pid=<pid> tty=<tty> comm=<name>
> exe=<path> uid=<uid> auid=<auid> euid=<euid> suid=<suid>
> fsuid=<fsuid> gid=<gid> egid=<euid> sgid=<suid>
> fsgid=<fsuid> [<cipsov4 extras>|<managment extras>]"
This looks very much like a syscall record... would it make sense to do this as
an aux record?
-Steve