SELinux, LSM, SNARE ...

M. Fecina fecina at psu.edu
Fri Feb 11 18:23:36 UTC 2005


All,

I've been a lurking member of the SNARE development list
and this list for quite some time.  My place of employment
has need to meet NISPOM Ch. 8 requirements on Linux systems.
Thus far, we've been using Leigh's SNARE 0.9.7 audit daemon
with the necessary kernel patches.

However, with all of the patches and progress being made
on SELinux, I'm wondering what the comparison is between
SNARE and SELinux.  I know SELinux is built into the 2.6
kernel tree, and in conjunction with some userspace daemons (auditd),
it can provide audit trails.

Can anyone on this list tell me their thoughts on using SELinux
to meet all the functionality that SNARE has (minus the front-end GUI)
and to meet NISPOM Ch. 8 requirements?  What do I need to get SELinux to
provide a similar implementation as SNARE?  Is there *one* place where
all of the patches everyone has made on this list are rolled into?

I'd like to know where I should be spending my time -- SNARE or SELinux.

Thanks,
M. Fecina

-- 
Michael D. Fecina
Research Assistant
Applied Research Laboratory
Pennsylvania State University
814.863.5248



