On 2017-02-13 19:24, Richard Guy Briggs wrote:
> On 2017-02-13 18:50, Paul Moore wrote:
> > On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs wrote:
> > > useless? smac, dmac, macproto
> >
> > Probably useless in the majority of use cases.
>
> How do we deal with the
On Thu, Feb 16, 2017 at 5:36 PM, Richard Guy Briggs wrote:
> On 2017-02-15 19:32, Paul Moore wrote:
>> On Mon, Feb 13, 2017 at 7:24 PM, Richard Guy Briggs wrote:
>> > On 2017-02-13 18:50, Paul Moore wrote:
>> >> On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy
On 2017-02-16 20:57, Paul Moore wrote:
> [NOTE: I'll respond back to the other part of your email later but I'm
> running out of time in the day and this was a quick but important
> response]
>
> On Thu, Feb 16, 2017 at 5:36 PM, Richard Guy Briggs wrote:
> > Steve has requested
[NOTE: I'll respond back to the other part of your email later but I'm
running out of time in the day and this was a quick but important
response]
On Thu, Feb 16, 2017 at 5:36 PM, Richard Guy Briggs wrote:
> Steve has requested the subject attributes which prefixes 7 fields.
I
On 2017-02-14 16:06, Paul Moore wrote:
> On Mon, Feb 13, 2017 at 7:24 PM, Richard Guy Briggs wrote:
> > On 2017-02-13 18:50, Paul Moore wrote:
> >> On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs
> >> wrote:
>
> ...
>
> >> > useless? smac, dmac,
On 2017-02-14 16:31, Steve Grubb wrote:
> On Monday, February 13, 2017 3:50:05 PM EST Richard Guy Briggs wrote:
> > > > > > The alternatives that I currently see are to drop packets for which
> > > > > > there is no local process ownership, or to leave the ownership
> > > > > > fields unset.
> > >
On Mon, Feb 13, 2017 at 7:24 PM, Richard Guy Briggs wrote:
> On 2017-02-13 18:50, Paul Moore wrote:
>> On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs wrote:
...
>> > helpful action, hook
>>
>> I haven't checked, but do we allow setting of an audit
On Monday, February 13, 2017 3:50:05 PM EST Richard Guy Briggs wrote:
> > > > > The alternatives that I currently see are to drop packets for which
> > > > > there is no local process ownership, or to leave the ownership
> > > > > fields unset.
> > > >
> > > > What ownership fields are we talking
On 2017-02-13 18:50, Paul Moore wrote:
> On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs wrote:
> > On 2017-02-13 12:57, Steve Grubb wrote:
> >> On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote:
> >> > On 2017-02-10 17:39, Steve Grubb wrote:
> >> > > > The
On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs wrote:
> On 2017-02-13 12:57, Steve Grubb wrote:
>> On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote:
>> > On 2017-02-10 17:39, Steve Grubb wrote:
>> > > > The alternatives that I currently see are to drop
On 2017-02-13 12:57, Steve Grubb wrote:
> On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote:
> > On 2017-02-10 17:39, Steve Grubb wrote:
> > > > The alternatives that I currently see are to drop packets for which
> > > > there is no local process ownership, or to leave the
On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote:
> On 2017-02-10 17:39, Steve Grubb wrote:
> > > The alternatives that I currently see are to drop packets for which
> > > there is no local process ownership, or to leave the ownership fields
> > > unset.
>
> > What ownership
On 2017-02-10 17:39, Steve Grubb wrote:
> On Thursday, February 9, 2017 8:12:47 PM EST Richard Guy Briggs wrote:
> > On 2017-02-09 19:09, Steve Grubb wrote:
> > > On Thursday, February 9, 2017 6:49:38 PM EST Richard Guy Briggs wrote:
> > > > On 2017-02-08 18:09, Paul Moore wrote:
> > > > > On Wed,
On Thursday, February 9, 2017 8:12:47 PM EST Richard Guy Briggs wrote:
> On 2017-02-09 19:09, Steve Grubb wrote:
> > On Thursday, February 9, 2017 6:49:38 PM EST Richard Guy Briggs wrote:
> > > On 2017-02-08 18:09, Paul Moore wrote:
> > > > On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb
On Thursday, February 9, 2017 6:49:38 PM EST Richard Guy Briggs wrote:
> On 2017-02-08 18:09, Paul Moore wrote:
> > On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
> > > On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
> > >> On Tue, Feb 7, 2017 at 3:52 PM,
On 2017-02-08 18:09, Paul Moore wrote:
> On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
> > On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
> >> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> >> > So while I'm not advocating
On Thu, Feb 9, 2017 at 5:56 AM, Pablo Neira Ayuso wrote:
> Hi Paul,
>
> On Wed, Feb 08, 2017 at 06:09:07PM -0500, Paul Moore wrote:
>> On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
>> > On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
Hi Paul,
On Wed, Feb 08, 2017 at 06:09:07PM -0500, Paul Moore wrote:
> On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
> > On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
> >> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> >> >
On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
> On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
>> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
>> > So while I'm not advocating this is what should be done and I'm trying
>> >
On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> > So while I'm not advocating this is what should be done and I'm trying
> > to establish bounds to the scope of this feature, but would it be
> >
On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> So while I'm not advocating this is what should be done and I'm trying
> to establish bounds to the scope of this feature, but would it be
> reasonable to simply not log packets that were transiting this machine
>
On 2017-01-20 09:49, Steve Grubb wrote:
> On Wednesday, January 18, 2017 6:35:29 PM EST Paul Moore wrote:
> > On Wed, Jan 18, 2017 at 10:15 AM, Richard Guy Briggs
> > wrote:
> > > On 2017-01-18 07:32, Paul Moore wrote:
> > >> On Wed, Jan 18, 2017 at 12:39 AM, Richard Guy Briggs
On 2017-01-21 20:12, Patrick PIGNOL wrote:
> Hi all,
>
> I just wrote that because I read
>
> "
>
> Determining the pid/subj of a packet is notoriously
> difficult/impossible in netfilter so let's drop that; with proper
> policy/rules you should be able to match proto/port with a given
>
Hi all,
I just wrote that because I read
"
Determining the pid/subj of a packet is notoriously
difficult/impossible in netfilter so let's drop that; with proper
policy/rules you should be able to match proto/port with a given
process so this shouldn't be that critical. The source/destination
On Sat, Jan 21, 2017 at 6:27 AM, Patrick PIGNOL wrote:
> Hi all,
>
> I disagree!
>
> Many people in the world would like to allow a software A to go to internet
> through OUTPUT TCP port 80 but disallow software B to go to the internet
> through this same OUTPUT TCP
Hi all,
I disagree!
Many people in the world would like to allow a software A to go to
internet through OUTPUT TCP port 80 but disallow software B to go to the
internet through this same OUTPUT TCP port 80. Don't you know about
viruses on Linux? Viruses ALWAYS use HTTP/HTTPS ports to get
On Fri, Jan 20, 2017 at 9:49 AM, Steve Grubb wrote:
> On Wednesday, January 18, 2017 6:35:29 PM EST Paul Moore wrote:
>> At this point I think it would be good to hear what requirements exist
>> for per-packet auditing. Steve, are there any current Common Criteria
>> (or
On Wednesday, January 18, 2017 6:35:29 PM EST Paul Moore wrote:
> On Wed, Jan 18, 2017 at 10:15 AM, Richard Guy Briggs wrote:
> > On 2017-01-18 07:32, Paul Moore wrote:
> >> On Wed, Jan 18, 2017 at 12:39 AM, Richard Guy Briggs wrote:
> >> > On 2017-01-17 21:34,
On Wed, Jan 18, 2017 at 10:15 AM, Richard Guy Briggs wrote:
> On 2017-01-18 07:32, Paul Moore wrote:
>> On Wed, Jan 18, 2017 at 12:39 AM, Richard Guy Briggs wrote:
>> > On 2017-01-17 21:34, Richard Guy Briggs wrote:
>> >> On 2017-01-17 15:17, Paul Moore wrote:
On 2017-01-18 07:32, Paul Moore wrote:
> On Wed, Jan 18, 2017 at 12:39 AM, Richard Guy Briggs wrote:
> > On 2017-01-17 21:34, Richard Guy Briggs wrote:
> >> On 2017-01-17 15:17, Paul Moore wrote:
> >> > On Tue, Jan 17, 2017 at 11:12 AM, Richard Guy Briggs
> >>
On Wed, Jan 18, 2017 at 12:39 AM, Richard Guy Briggs wrote:
> On 2017-01-17 21:34, Richard Guy Briggs wrote:
>> On 2017-01-17 15:17, Paul Moore wrote:
>> > On Tue, Jan 17, 2017 at 11:12 AM, Richard Guy Briggs
>> > wrote:
>> > > On 2017-01-17 08:55, Steve Grubb
On 2017-01-17 21:34, Richard Guy Briggs wrote:
> On 2017-01-17 15:17, Paul Moore wrote:
> > On Tue, Jan 17, 2017 at 11:12 AM, Richard Guy Briggs
> > wrote:
> > > On 2017-01-17 08:55, Steve Grubb wrote:
> > >> On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
On 2017-01-17 15:17, Paul Moore wrote:
> On Tue, Jan 17, 2017 at 11:12 AM, Richard Guy Briggs wrote:
> > On 2017-01-17 08:55, Steve Grubb wrote:
> >> On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
>
> ...
>
> >> > Ones that are not so straightforward:
>
On Tue, Jan 17, 2017 at 11:12 AM, Richard Guy Briggs wrote:
> On 2017-01-17 08:55, Steve Grubb wrote:
>> On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
...
>> > Ones that are not so straightforward:
>> > - "secmark" depends on a kernel config setting, so
On Tuesday, January 17, 2017 11:29:43 AM EST Richard Guy Briggs wrote:
> On 2017-01-17 11:12, Richard Guy Briggs wrote:
> > On 2017-01-17 08:55, Steve Grubb wrote:
> > > On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
> > > > I'm just starting to look at the normalization of
On 2017-01-17 11:12, Richard Guy Briggs wrote:
> On 2017-01-17 08:55, Steve Grubb wrote:
> > On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
> > > I'm just starting to look at the normalization of AUDIT_NETFILTER_PKT
> > > event messages and it is not quite as
On 2017-01-17 08:55, Steve Grubb wrote:
> On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
> > I'm just starting to look at the normalization of AUDIT_NETFILTER_PKT
> > event messages and it is not quite as straightforward as I had expected.
> >
> > It is being tracked here:
On Tuesday, January 17, 2017 12:25:51 AM EST Richard Guy Briggs wrote:
> I'm just starting to look at the normalization of AUDIT_NETFILTER_PKT
> event messages and it is not quite as straightforward as I had expected.
>
> It is being tracked here:
>
Hi,
I'm just starting to look at the normalization of AUDIT_NETFILTER_PKT
event messages and it is not quite as straightforward as I had expected.
It is being tracked here:
https://github.com/linux-audit/audit-kernel/issues/11
and refers to a previous posting from Mr. Dash Four from four