[redhat-lspp] filesystem audit status
Amy Griffis
amy.griffis at hp.com
Fri Jan 13 19:06:04 UTC 2006
Hello,

I've received several questions lately regarding the status of the
filesystem auditing kernel implementation I've been working on. Here
is an update.

1. Augment audit context collection
   http://www.redhat.com/archives/linux-audit/2005-October/msg00048.html

   Patches: 2
   http://www.redhat.com/archives/linux-audit/2005-October/msg00049.html
   http://www.redhat.com/archives/linux-audit/2005-October/msg00050.html

   Status:
   In -mm tree since 2.6.14-mm1

2. Audit rule interface changes
   http://www.redhat.com/archives/linux-audit/2006-January/msg00043.html

   Patches: 2
   http://www.redhat.com/archives/linux-audit/2006-January/msg00044.html
   http://www.redhat.com/archives/linux-audit/2006-January/msg00045.html

   Status:
   In review. I will post new patches early next week which address
   feedback received. These should be ready for the lspp test kernel.

3. Inotify kernel api

   Patches: 1
   https://www.redhat.com/archives/linux-audit/2005-August/msg00055.html

   Status:
   Patch is functional, but need to discuss a few things with the
   inotify maintainer. May want/need to make a cleaner division
   between kernel api, user api and core code.

4. Audit inotify client

   Patches: 1

   Status:
   Will post first iteration along with current inotify kernel api
   patch next week.

Additionally, there are some usability features we've discussed on
linux-audit that could be added. I consider them separate from the
patches for the baseline set of features (those currently present in
RHEL4), and they can be added after the above pieces have been completed.

Hope this helps.

Amy