New development

[Steve Grubb]

Hello,

I am in the process of reviewing the requirements for the next round of 
development for the audit system. I've worked out a rough schedule for the 
user space side of things. I will produce more documentation over the next 
couple of days describing what is needed and what would be nice to add. I 
would like for this to be an open discussion among all parties as this 
affects the whole linux community.

The rough schedule for the next series goes something like this:

1.1 -> 1.2 event dispatcher, plugin framework, and some basic plugins
1.2 -> 1.3 label support + more plugins
1.3 -> 1.4 add new config options, summary reports, binary format
1.4 -> 1.5 audit explorer & gui config

There are several reasons for doing plugins first. Partly due to limited time 
of people working on it and also to give file system auditing a chance to get 
upstream. This way we are working in parallel.

If you have ideas about nice things to add, lets start the discussion. We 
don't need to talk about LSPP as that will be by-the-book. (I want that 
discussion to be its own thread, but not yet. This is just pie in the sky 
planning.) I'm looking for usability and neat to have items.

Another thing I'd like to point out is that the plugin architecture will let 
us eventually layer an IDS on top of the audit system. This is a long range 
goal that will take some time to get to.

-Steve