[RFC][PATCH 0/3][REVISED] CAPP-compliant file system auditing
Mounir Bsaibes
bsaibes at us.ibm.com
Thu Mar 31 23:53:43 UTC 2005
linux-audit-bounces at redhat.com wrote on 03/31/2005 04:46:29 PM:
> .:: Introduction ::.
>
> The audit subsystem is currently incapable of auditing a file system object
> based on its location and name. This is critical for auditing well-defined
> and security-relevant files such as /etc/shadow, where auditing on inode and
> device is fallible. This patch adds the necessary functionality to the audit
> subsystem and VFS to support file system auditing in which an object is
> audited based on its location and name.
>
> The patch is split in two.
>
> The first patch is the implementation of file system auditing. The bulk of it
> resides in kernel/auditfs.c. It is accompanied by a functional overview of
> the design in the next message.
>
> The second patch consists of file system hooks. I anticipate some discussion
> with regards to them and wanted to provide some context around their
> placements and purpose.
>
> ----
>
> There... is that succinct enough?
Yes, much much better. Concise, clear and to the point.
You might say it is succinct.
>
>
> -tim
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
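
The point the quoted introduction makes about /etc/shadow, as an added example that is not part of the original message or the patch: when a file is replaced by writing a new copy and renaming it over the old name, the path is unchanged but the inode is new, so a watch keyed on (device, inode) goes stale. The temporary directory, the file names and `replace_and_check` are constructed for this demonstration.

```c
/* Added example: all paths and names below are constructed for the demo. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
struct watch_result {
    int inode_watch_hits;  /* saved (dev, ino) still names the file at the path */
    int path_watch_hits;   /* saved path still names a regular file */
};
static int write_file(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Record a watch on <tmpdir>/shadow, replace the file by writing a new
 * one and rename()ing it over the old name, then re-check both keys. */
int replace_and_check(struct watch_result *out)
{
    char dir[] = "/tmp/auditdemoXXXXXX";
    char target[64], fresh[64];
    struct stat before, after;
    int rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/shadow", dir);
    snprintf(fresh, sizeof fresh, "%s/shadow.new", dir);
    if (write_file(target, "old\n") == 0 && stat(target, &before) == 0 &&
        write_file(fresh, "new\n") == 0 && rename(fresh, target) == 0 &&
        stat(target, &after) == 0) {
        out->inode_watch_hits = before.st_dev == after.st_dev && before.st_ino == after.st_ino;
        out->path_watch_hits = S_ISREG(after.st_mode) != 0;
        rc = 0;
    }
    unlink(fresh); unlink(target); rmdir(dir);   /* clean up the demo files */
    return rc;
}

int main(void)
{
    struct watch_result r;
    if (replace_and_check(&r)) return 1;
    printf("inode watch hit: %d, path watch hit: %d\n", r.inode_watch_hits, r.path_watch_hits);
    return 0;
}
```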