Audit Filesystem
Timothy R. Chavez
chavezt at gmail.com
Sun Mar 6 18:30:04 UTC 2005
On Sun, 6 Mar 2005 09:51:06 -0500, Steve Grubb <sgrubb at redhat.com> wrote:
> Hi,
>
> I was trying to create a new kernel with all the latest patches. I ran into
> this error:
>
> + make ARCH=i386 nonint_oldconfig
> .config:2128: trying to assign nonexistent symbol USB_PWC
> CONFIG_AUDITFILESYSTEM
> make[1]: *** [nonint_oldconfig] Error 1
> make: *** [nonint_oldconfig] Error 2
I've never seen this before. Is nonint_oldconfig a Redhat-exclusive
target? I'll be posting a new patch for 2.6.11 vanilla today.
>
> Which makes me wonder why the filesystem auditing piece is a separate compile
> option? Do we want ala carte or a unified audit system? How does the user
> space tools find out what was compiled in?
I put it as a seperate option because I saw that Rik Faith had
seperated the generic auditing framework and the syscall auditing
portion in to two seperate config options. I figured I might as well
seperate out filesystem auditing too. It makes the whole system more
granular and can reduce overhead for a person who just wants generic
auditing or syscall auditing. Eventually I'd like to get some
performance numbers on just how much overhead I've added with
filesystem auditing configured Y and enabled as opposed to configured
N.
>
> I would like to suggest we get rid of this config option and make it all run
> as the audit system. Is there any reason to make it configurable?
Perhaps on Tuesday's call we can come to some sort of agreement.
>
> Thanks,
> -Steve Grubb
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
>
--
- Timothy R. Chavez
More information about the Linux-audit
mailing list