On 2012-08-01 00:00:19, Tyler Hicks wrote:
> Hello Steve - This is a patch set that allows --disable-listener to be passed
> to the configure script to disable the auditd network listener code at build
> time. The reasoning is that a large number of users do not need centralized
> audit logging and removing the network listening code from a root-owned auditd
> process is appealing from a security perspective.
>
> The existing implementation clearly does not initialize the listener when
> tcp_listen_port is undefined in auditd.conf, but I still think there is value
> in not having the listening code present in all auditd installations.

Hi Steve - Do you have any thoughts on this idea?

Thanks!
Tyler

>
> The first three patches in the set are refactoring patches to move nearly all of
> the listening code into auditd-listen.c in order to minimize the number of
> ifdefs that would need to be scattered throughout C source files. The fourth
> patch is an optional cleanup patch. The last patch introduces the
> --disable-listener option.
>
> The auditd listener code is still enabled by default so that existing distro
> packaging recipes will not need to be updated.
>
> I look forward to your feedback. Thanks!
>
> Tyler
>
> --
> Linux-audit mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/linux-audit
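The build-time switch described in the quoted message, as an added illustration of the usual autotools pattern; this is not the patch set under discussion nor code from the audit project. The option name follows the message (--disable-listener, enabled by default, listener code isolated in auditd-listen.c); the macro name ENABLE_LISTENER, the variable enable_listener and the Makefile.am source list are assumptions made here.

```m4
# configure.ac (hypothetical fragment, not the audit project's own)
# --disable-listener sets enable_listener=no; default stays "yes" so
# existing packaging recipes that run plain ./configure are unaffected.
AC_ARG_ENABLE([listener],
    [AS_HELP_STRING([--disable-listener],
        [do not build the auditd network listener (default: enabled)])],
    [enable_listener=$enableval],
    [enable_listener=yes])

# Assumed macro name: exported to config.h so the one or two remaining
# call sites in auditd.c can be guarded with #ifdef ENABLE_LISTENER.
AS_IF([test "x$enable_listener" = "xyes"],
    [AC_DEFINE([ENABLE_LISTENER], [1],
        [Define to 1 if the auditd network listener is compiled in])])
AM_CONDITIONAL([ENABLE_LISTENER], [test "x$enable_listener" = "xyes"])

# src/Makefile.am (hypothetical fragment)
# Because the listener lives in its own file, disabling it means the
# object is simply never compiled or linked into the root-owned daemon.
auditd_SOURCES = auditd.c
if ENABLE_LISTENER
auditd_SOURCES += auditd-listen.c
endif
```

To check the result of such a switch after `./configure --disable-listener && make`, confirm that config.h does not define ENABLE_LISTENER and that no auditd-listen.o is produced; the difference from the runtime case in the message (tcp_listen_port left unset in auditd.conf) is that the socket-handling code is absent from the binary rather than merely not initialized.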
