Linux audit newbie question (Sorry probably a little boring...)
Steve Grubb
sgrubb at redhat.com
Mon May 8 15:12:28 UTC 2006
On Sunday 07 May 2006 10:46, Adrian Powell wrote:
> Thanks for the information. If we were able to go for a 2.6.14
> kernel at some point in the future, would you be fairly confident that this
> syscall auditing code would be maintained in the forseeable future ?.
Yes, it is in the kernel that is distributed by kernel.org. So, it will be
maintained. It is also a main ingrediant for anyone doing CAPP/LSPP
certification. All major distributions and their hardware partners have a
vested interest in doing this, so there should be people to maintain this in
the future.
That said, I don't forsee a lot of maintenance once we are completely done
with it. It is the kind of project that can come to an end and just have
someone watch for changes that may impact the audit system (new syscalls,
changed code paths, etc.)
> It appears that many of the earlier developers have now moved on to other
> things from what I can find. Who is regarded as the definitive developer of
> this code these days ?.
I am for user space side, there is a bunch of people that have worked on the
kernel side of it. This mail list can be used for any questions or concerns
about the native/upstreamed linux kernel audit system for either user space
or kernel.
-Steve
More information about the Linux-audit
mailing list