On Tue, Dec 8, 2015 at 2:22 PM, Steve Grubb <[email protected]> wrote: > Hello, > > I would like to point out 2 new standards that have been posted to the linux > audit web page. The first establishes the events around system start up and > shutdown. This is important because it sets the session boundaries for when a > system is up or down or crashed. > > http://people.redhat.com/sgrubb/audit/system-lifecycle.txt > > The second standard is more of a forward looking standard. It explains how the > audit daemon and utilities will perform event enrichment before being stored > long term in an aggregator. The target for implementation is the 2.5 release > of the audit daemon. > > http://people.redhat.com/sgrubb/audit/event-enrichment > > Let me know if anyone has feedback on these standards, especially the second > one.
Were these two specification documents created based on published standards from an established standards body, e.g. NIST, IETF, etc? If so, I think it would be helpful for you to reference the published standard in your documents. If these specifications are an early draft standard intended to be submitted to a standards body then I would recommend mentioning the intended group in the document. -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
