[PATCH] promiscuous mode
Steve Grubb
sgrubb at redhat.com
Sat Dec 3 13:39:35 UTC 2005
Hi,
When a network interface goes into promiscuous mode, it's an important security
issue. The attached patch is intended to capture that action and send an
event to the audit system.
The patch carves out a new block of numbers for kernel detected anomalies.
These are events that may indicate suspicious activity. Other examples of
potential kernel anomalies would be: exceeding disk quota, rlimit violations,
changes to syscall entry table.
Signed-off-by: Steve Grubb <sgrubb at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux-2.6.14-audit-promiscuous.patch
Type: text/x-diff
Size: 1999 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20051203/d32f1761/attachment.bin>
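
A userspace complement to the kernel-side event described in the message above, as an added example that is not part of the original post or the attached patch: it reads the interface flags the kernel exposes in sysfs and reports interfaces with the promiscuous bit set. The function names are hypothetical; the `/sys/class/net/<if>/flags` path and the `IFF_PROMISC` value 0x100 are assumptions about the running Linux system.

```c
/* Added example: find promiscuous interfaces from userspace via sysfs. */
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>

#define PROMISC_BIT 0x100UL /* value of IFF_PROMISC in <linux/if.h> */

/* Parse the text of /sys/class/net/<if>/flags, e.g. "0x1103\n".
 * Returns 1 if the promiscuous bit is set, 0 if clear, -1 if unparsable. */
int flags_text_is_promisc(const char *text)
{
    char *end;
    unsigned long flags;

    if (text == NULL)
        return -1;
    flags = strtoul(text, &end, 16);
    if (end == text)
        return -1;
    return (flags & PROMISC_BIT) ? 1 : 0;
}

/* Print each promiscuous interface; return the count, or -1 on error. */
int count_promisc_interfaces(void)
{
    DIR *d = opendir("/sys/class/net");
    struct dirent *e;
    int count = 0;

    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[512], buf[32];
        FILE *f;
        if (e->d_name[0] == '.')
            continue;
        snprintf(path, sizeof(path), "/sys/class/net/%s/flags", e->d_name);
        if ((f = fopen(path, "r")) == NULL)
            continue; /* not an interface directory */
        if (fgets(buf, sizeof(buf), f) && flags_text_is_promisc(buf) == 1) {
            printf("%s: promiscuous\n", e->d_name);
            count++;
        }
        fclose(f);
    }
    closedir(d);
    return count;
}

int main(void) { return count_promisc_interfaces() < 0; }
```

A poll like this only sees the state at the moment it runs, which is the gap an audit event emitted at the transition closes.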