auditing support for FC2 w/ kernel 2.6.10-1.771_FC2
Verbeeck Derek
DVerbeeck at LIO.AACISD.com
Thu Feb 9 21:20:18 UTC 2006
Steve,
I've had zero success with any of the releases on that page. Machine is running the stock gcc that shipped w/ FC2 and the updated 2.6.10 kernel, and I also tried it on a replica of this machine running 2.6.15.1. The make fails out on a bunch of calls to some functions. The site mentions needing updated glibc-kernel headers, but can these even be safely updated without hosing the system?
Trying to find the least painful way to get auditing support on these systems. Neither laus, the built-in kernel auditing support with these user space packages, or SNARE seem to work.
-Derek
-----Original Message-----
From: Steve G [mailto:linux_4ever at yahoo.com]
Sent: Wednesday, February 08, 2006 3:56 PM
To: Verbeeck Derek; fedora-selinux-list at redhat.com
Subject: Re: auditing support for FC2 w/ kernel 2.6.10-1.771_FC2
>Does anyone have experience with a similar scenario? Am I going about this the
>wrong way?
Yep. What you are talking about is laus - which is a Suse audit system. The 2.6
kernel has a native audit system that works completely different from Laus. The
user space package can be found at http://people.redhat.com/sgrubb/audit. The
latest stable version is 1.0.14.
I want to think that you need 2.6.14 kernel to have most problems solved. You can
try the older kernel and if you run into problems you should look for something
newer.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-selinux-list
mailing list