[redhat-lspp] [PATCH] promiscuous mode
Linda Knippers
linda.knippers at hp.com
Mon Dec 5 15:48:55 UTC 2005
Steve Grubb wrote:
> On Monday 05 December 2005 10:16, Linda Knippers wrote:
>
>>Why these three?
>
> Because quota and rlimit events represent violations of system resource usage
> policy set forth by the administrator.
They aren't really violations of a policy because the operation didn't
succeed. Its really a case of someone bumping into a resource limit.
Isn't that why for quotas the message just goes to the user's tty
rather than to syslog?
> I want promiscuous mode because that
> means the user is now capable of sniffing passwords and other important
> traffic.
I'd want to know of some other system on my network went into
promiscuous mode, but that system probably isn't being being
audited. :-)
-- ljk
>
> -Steve
More information about the Linux-audit
mailing list