Re: [audit] Upstream solution for auditing file system objects

[James Morris]

On Fri, 10 Dec 2004, Timothy Chavez wrote:

> Greetings, 
>  
> I'm writing this e-mail to facilitate some discussion on an audit
> feature for inclusion to the mainline kernel's audit subsysystem. 

Note, there is a mailing list intended for audit discussion at 
https://www.redhat.com/archives/linux-audit/

It's been a bit quiet, but it may be useful for detailed discussions.

> 2.  Linux Security Module.

As Chris said, LSM is not suitable for CAPP auditing.

> 3.  SELinux.

I don't think it's a good idea to tie everyone in to using SELinux.
Audit and SELinux do need to play well together though (and SELinux is 
already integrated with some of the existing audit subsystem).

> 4.  Audit subsystem.

IMHO we need a distinct Audit subsystem, perhaps even something which can 
accomodate different implementations.

> However, the most obvious gain here, is that the subsystem is
> centralized and its intentions are clearer.

Indeed.


- James
-- 
James Morris
<jmorris@xxxxxxxxxx>


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/