[redhat-lspp] [PATCH] promiscuous mode

Linda Knippers linda.knippers at hp.com
Mon Dec 5 15:48:55 UTC 2005


Steve Grubb wrote:
> On Monday 05 December 2005 10:16, Linda Knippers wrote:
> 
>>Why these three?
> 
> Because quota and rlimit events represent violations of system resource usage 
> policy set forth by the administrator. 

They aren't really violations of a policy because the operation didn't
succeed.  Its really a case of someone bumping into a resource limit.
Isn't that why for quotas the message just goes to the user's tty
rather than to syslog?

> I want promiscuous mode because that 
> means the user is now capable of sniffing passwords and other important 
> traffic.

I'd want to know of some other system on my network went into
promiscuous mode, but that system probably isn't being being
audited. :-)

-- ljk

> 
> -Steve




More information about the redhat-lspp mailing list