Quoting Steve Grubb <[email protected]>:

On Monday 17 August 2009 10:49:55 am David Flatley wrote:
<snip>
 The SECSCAN requires many -w (watches) and a fair amount of syscalls. I
modified the syscalls to add your recommendation for using "arch=b32" and
"arch=b64".

Are there any public references to this standard?

No, there are not. The SECSCN Linux audit checking module was something I hacked together in a vacuum a couple of years ago. The "theory" was to try to satisfy DCID 6/3 auditing requirements at the time. Not sure if the code has been modified since then; it was a "best guess, first cut" standard at the time. I am checking with the current development team to see if they've made any significant changes since then.


Dave Muran-de Assereto

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
