[PATCH] promiscuous mode
Steve Grubb
sgrubb at redhat.com
Thu Dec 15 15:18:10 UTC 2005
On Saturday 03 December 2005 08:39, Steve Grubb wrote:
> When a network interface goes into promiscuous mode, its an important
> security issue. The attached patch is intended to capture that action and
> send an event to the audit system.
I think we need to decide on this patch. Include it or not?
I think the best reason to include it is that when an interface goes into
promiscuous mode, the user can see packets for any role and sensitivity
regardless of what they are currently using. This message would note that an
exception to the information normal flow rules has occurred and is
potentially being captured to a file of unknown role and sensitivity.
-Steve
More information about the Linux-audit
mailing list