On Mon, Jul 8, 2013 at 2:55 PM, Eric Paris wrote:
> On Mon, 2013-07-08 at 16:28 -0400, Steve Grubb wrote:
> > On Friday, May 24, 2013 12:11:44 PM Eric Paris wrote:
> > > The audit_status structure was not designed with extensibility in mind.
> > > Define a new AUDIT_SET_FEATURE message type which
On Mon, 2013-07-08 at 16:28 -0400, Steve Grubb wrote:
> On Friday, May 24, 2013 12:11:44 PM Eric Paris wrote:
> > The audit_status structure was not designed with extensibility in mind.
> > Define a new AUDIT_SET_FEATURE message type which takes a new structure
> > of bits where things can be enabl
On Mon, 2013-07-08 at 17:26 -0400, Steve Grubb wrote:
> On Monday, July 08, 2013 04:51:20 PM Eric Paris wrote:
> > If we don't trust the audit system initialization we already lost and no
> > amount of audit= is going to change that.
>
> I'm thinking more about High Assurance cases where the bo
On Monday, July 08, 2013 04:51:20 PM Eric Paris wrote:
> On Mon, 2013-07-08 at 16:34 -0400, Steve Grubb wrote:
> > On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote:
> > > This adds a new 'audit_feature' bit which allows userspace to set it
> > > such that the loginuid is absolutely immutable, e
On Mon, 2013-07-08 at 16:34 -0400, Steve Grubb wrote:
> On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote:
> > This adds a new 'audit_feature' bit which allows userspace to set it
> > such that the loginuid is absolutely immutable, even if you have
> > CAP_AUDIT_CONTROL.
>
> I'm also not sure I
On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote:
> This adds a new 'audit_feature' bit which allows userspace to set it
> such that the loginuid is absolutely immutable, even if you have
> CAP_AUDIT_CONTROL.
I'm also not sure I like it done this way. What I was thinking about is that
we shou
On Friday, May 24, 2013 12:11:44 PM Eric Paris wrote:
> The audit_status structure was not designed with extensibility in mind.
> Define a new AUDIT_SET_FEATURE message type which takes a new structure
> of bits where things can be enabled/disabled/locked one at a time.
This changes how we have be
On Wednesday, July 03, 2013 10:48:56 PM Richard Guy Briggs wrote:
> I've gone back over the discussion of this feature and some of the
> background in the past couple of years on this list...
>
> We've got a kernel deadline coming up in the next month if we want to
> get something included in RHEL
On Sun, Jul 07, 2013 at 03:41:41PM -0700, Peter Moody wrote:
>
> On Wed, Jul 03 2013 at 19:48, Richard Guy Briggs wrote:
> > On Thu, Aug 23, 2012 at 12:24:00PM -0700, Peter Moody wrote:
> >> This adds the ability audit the actions of a not-yet-running process,
> >> as well as the children of a not
On Monday, July 08, 2013 01:53:24 PM leam hall wrote:
> Morning all! My first post to the list.
>
> I'm getting errors on a RHEL 5 box when I add audit rules for chown32 and
> lchown32.
>
> Info on the box:
>
> Linux myhost 2.6.18-348.6.1.el5 #1 SMP Fri Apr 26 09:21:26 EDT 2013 x86_64
> x86_64 x
Morning all! My first post to the list.
I'm getting errors on a RHEL 5 box when I add audit rules for chown32 and
lchown32.
Info on the box:
Linux myhost 2.6.18-348.6.1.el5 #1 SMP Fri Apr 26 09:21:26 EDT 2013 x86_64
x86_64 x86_64 GNU/Linux
Error:
service auditd restart
Stopping auditd:
11 matches
Mail list logo