CAPP auditable events

Amy Griffis amy.griffis at hp.com
Mon Jul 18 15:55:11 UTC 2005


Hello,

I'm interested in defining a set of audit rules/watches that, when
loaded, cause audit to generate the set of auditable events required
by CAPP (CAPP, pp. 19-21).

I've consulted a variety of sources, including the CAPP specification
itself, the LAuS design document, and the LAuS filter.conf file 
provided with our CAPP certification RPM.  From that, I have a 
configuration I believe to be fairly complete.  However, the sources
seem to be in conflict on some parts, and none are a definitive
technical specification.

Is there a follow-on to the CAPP spec that provides a definitive
technical specification of the auditable events for Linux 2.6; for
instance, by listing the specific system calls?

Thanks,
Amy




More information about the Linux-audit mailing list