Auditing - Snare, LAuS, SELinux
Thomas Biege
thomas at suse.de
Thu Sep 9 11:33:57 UTC 2004
> | Enhancing Rik's framework with LAuS code is really the best choice in my
> | opinion.
>
> So what are the low-level advantages of Rik's framework over LAuS,
> again? Just the low free trapping of syscalls in the non-audited
> case, and its current acceptance into the 2.6 line?
>
> What kind of userland tools are necessary now to really make audit.rik
> useful?

I do not know the technical details of the various implementations well
enough to compare them.

I have two things on my mind... OK, let's say three:
- LAuS passed EAL3
- Rik's audit system is in the mainline kernel
- Rik's audit system is relatively small

If we combine them we have one standard audit subsystem that is
maintained by the community and will be CC compliant.

I also see the technical advantage of SELinux concerning filenames and the
tricks that can be played with them...

Bye,
Thomas
--
Thomas Biege <thomas at suse.de>, SUSE LINUX AG, Security Support & Auditing
--
Anyone who considers arithmetical methods of producing
random numbers is, of course, in a state of sin.
-- John von Neumann