stime(2) auditing on x86_64
Todd, Charles
CTODD at ball.com
Sat Oct 27 04:29:39 UTC 2007
I was trying to get my system to pass a System Readiness Review (SRR)
from disa.mil and it would appear that stime(2) is not audited under
x86_64, either in v1.0.15 or v1.2.1 of auditd. I've looked at the
source code and stime(2) only seems to be audited on i386, ppc, and
s390. stime(2) is in my libc (nm /lib/libc.so.6 | grep stime).
Is this on purpose or is there something deeper? The full line of what
DISA expected me to configure is
-a exit,always -S stime -S acct -S reboot -S swapon
A careful observer will note that the CAPP suggested configuration
already captures adjtimex and settimeofday. I just want to pass my
test, but is there overlap here that I should push back on?
Thanks,
Charlie Todd
Ball Aerospace & Technologies Corp.
This message and any enclosures are intended only for the addressee. Please
notify the sender by email if you are not the intended recipient. If you are
not the intended recipient, you may not use, copy, disclose, or distribute this
message or its contents or enclosures to any other person and any such actions
may be unlawful. Ball reserves the right to monitor and review all messages
and enclosures sent to or from this email address.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20071027/a750b695/attachment.htm>
More information about the Linux-audit
mailing list