Hi Lakshmi,
On Fri, 2020-06-05 at 20:13 -0700, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
>
> In integrity audit message function the inverse of "result" is being
> logged for "res=". Please see below. Is this intentional?
>
> void integrity_audit_ms
On 6/6/20 6:51 PM, Mimi Zohar wrote:
Hi Lakshmi,
The commit message provides an explanation. Look at b0d5de4d5880 ("IMA: fix
audit res field to indicate 1 for success and 0 for failure").
Thanks for the info Mimi.
If this function logs the "result" parameter as passed by the caller,
the
Hi Mimi,
In integrity audit message function the inverse of "result" is being
logged for "res=". Please see below. Is this intentional?
void integrity_audit_msg(int audit_msgno, struct inode *inode,
const unsigned char *f
The original patch added support to auditd for integrity messages, which
are issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
This patch adds support for the new AUDIT_INTEGRITY_RULE message.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Index:
On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
OK, I think this patch fixes the problems from 2/8. Were you going to combine
them for a new 2/8 or just
On Tue, 2009-02-10 at 17:00 -0500, Steve Grubb wrote:
On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
OK, I think this patch fixes the problems from
On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Steve Grubb sgr...@redhat.com
---
diff --git
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 930939a..4fa2810 100644
--- a/include/linux/audit.h
+++
integrity: audit
This patch adds support to auditd for integrity messages, which are
issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Index: audit-1.7.11/src/ausearch-parse.c
On Friday 06 February 2009 11:15:14 am Mimi Zohar wrote:
The integrity auditing discussions took place a while ago in August 2007
(http://osdir.com/ml/linux.redhat.security.audit/2007-09/msg7.html).
Thanks for the refresh. Its been so long, I forgot about this. :) Re-reading
the thread,
10 matches
Mail list logo