Hi

> Yes, I saw that and since I am - as you also are - a subscriber to the
> netfilter-dev mailing list, I followed the AUDIT target development
> since it was first conceived by Thomas Graf and the patch first posted

I have only been following the list for a few weeks - whilst I will try and scan the archives, are there any highlights I should know about?

> Since I've already done most of the work and have the patches needed to
> "enable" this functionality - at least on the .35 kernel - I can provide
> you with these plus instructions how to integrate them into the kernel.

Sure - please post. I assume it's largely a case of simply grabbing the last modules and adjusting the makefiles/Kconfig?

> All you have to do then is define your targets and check your auditd for
> any messages and wait until shorewall catches up and is able to
> implement this in the same way the (NF)LOG targets currently are. As I
> already pointed out the AUDIT target is of great benefit to me as it
> enables me to centralise all system-related security events into one
> place (I also run a number of auditd daemons which are interlinked
> between various machines providing me with one place where all logs are
> stored and could be retrieved/viewed using ausearch/aureport).

This actually sounds very cool and I'm immediately wondering how I can leverage it on our servers...

Although we are now OT, can you perhaps sketch out some of the things you use this for in your system? Although I get the idea, I'm wondering if it is a good match for the kinds of things I might otherwise monitor with nagios/cacti?

eg
- jobs failing
- sudden spam run
- low disk space
- network flow rates changing
- increase in network hacking/probe attempts

The last one seems within scope of the iptables stuff we are talking about, but seems like something more subtle than say a single rule.

So just curious what kind of things you find it helpful for? (For reference my architecture is a moderate number of virtual vserver machines on a small number of physical boxes)

Thanks and good luck

Ed W
