Re: [PATCH v2] audit: log module name on delete_module

2017-03-15 Thread Paul Moore
On Mon, Mar 13, 2017 at 12:31 PM, Jessica Yu wrote:
> +++ Paul Moore [13/03/17 10:16 -0400]:
>>
>> On Sat, Mar 11, 2017 at 9:24 PM, Richard Guy Briggs
>> wrote:
>>>
>>> When a sysadmin wishes to monitor module unloading with a syscall rule
>>> such as:
>>> -a always,exit -F arch=x86_64 -S

Re: [PATCH v2] audit: log module name on delete_module

2017-03-13 Thread Jessica Yu
+++ Paul Moore [13/03/17 10:16 -0400]:
On Sat, Mar 11, 2017 at 9:24 PM, Richard Guy Briggs wrote:
When a sysadmin wishes to monitor module unloading with a syscall rule such as:
-a always,exit -F arch=x86_64 -S delete_module -F key=mod-unload
the SYSCALL record doesn't tell us what module was

Re: [PATCH v2] audit: log module name on delete_module

2017-03-13 Thread Paul Moore
On Sat, Mar 11, 2017 at 9:24 PM, Richard Guy Briggs wrote:
> When a sysadmin wishes to monitor module unloading with a syscall rule such
> as:
> -a always,exit -F arch=x86_64 -S delete_module -F key=mod-unload
> the SYSCALL record doesn't tell us what module was requested for unloading.
>
> Use

[PATCH v2] audit: log module name on delete_module

2017-03-11 Thread Richard Guy Briggs
When a sysadmin wishes to monitor module unloading with a syscall rule such as:
-a always,exit -F arch=x86_64 -S delete_module -F key=mod-unload
the SYSCALL record doesn't tell us what module was requested for unloading.
Use the new KERN_MODULE auxiliary record to record it. The SYSCALL record