Audit plug-ins development
Steve Grubb
sgrubb at redhat.com
Tue Aug 7 21:28:49 UTC 2007
On Tuesday 07 August 2007 10:10:07 am Klaus Heinrich Kiwi wrote:
> I'm interested in developing an audit plug-in to forward events to z/OS
> RACF (sort of a centralized AAA facility for IBM System Z systems).
Nice.
> What is your general idea for audit plug-ins deploymet?
You would drop a config file into /etc/audisp/plugins.d and it contains the
information to tell the dispatcher what to do. I think there are a couple in
audit-1.5.7/new_audispd/configs to look at for an example.
> Would we be able to contribute the plug-ins to the audit userspace so that
> they can be available in the audit source package, and then maybe in a
> separate binary package upon building?
That sounds good unless...
> Can you give us some hints about how would you want this code contributions
> and how would you want these blended in the audit tree?
I'm wanting to keep the audit code GPLv2+ and the libraries LGPLv2+ so that if
there is any compelling reason to change licenses that the project can do
that. But I don't have any immediate plans to change to v3 right now.
I would like to just create a plugins directory under audit-1.5.7/new_audispd
and then each plugin under that. I'm looking to move the project to Feodora's
cvs facilities sometime soon. So, maybe the 1.5.8 release I could merge any
plugins? I also need to do a quick write-up for what is expected of a plugin
before I start accepting them.
-Steve
More information about the Linux-audit
mailing list