On Tuesday, September 23, 2014 12:32:33 AM Richard Guy Briggs wrote: > On 14/09/08, Eric Paris wrote: > > On Mon, 2014-09-08 at 14:53 -0400, Steve Grubb wrote: > > > On Sunday, August 24, 2014 06:34:04 PM Richard Guy Briggs wrote: > > > > This is a part of Peter Moody, my and Eric Paris' work to implement > > > > audit by executable name. > > > > > > So, what's the status on this? Is it scheduled for the next upstream > > > kernel? This is a feature that's been missing for a long time. Many > > > people will find this useful. > > > > > > Also, has anyone beside Richard been testing this? > > > > I tested it when I wrote it. But don't know about this patch series. > > Is that worth anything? :) > > Do you still have the test procedure and the results?
The way that we tested other features being added to the kernel was to set up looping shell script that stress the system. Some thing similar for this addition would: add the rule, sleep, delete the rule list the rule, sleep, list the rules, list the rules start the app, sleep, term the app All 3 scripts would loop over and over for hours simultaneously. The idea is to provoke a race between inserting/deleting/listing rules and actually recording an event. You are looking for an oops, livelock, deadlock, or some other noticeable problem. I think Al would let something like this run over night before trusting it. The idea is to provoke problems that would affect normal operation. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
