buffer space
D.A. Muran-de Assereto
dmuran at tuad.org
Sun Aug 23 04:12:43 UTC 2009
Quoting Steve Grubb <sgrubb at redhat.com>:
> On Monday 17 August 2009 10:49:55 am David Flatley wrote:
<snip>
>> The SECSCAN requires many -w (watches) and a fair amount of syscalls. I
>> modified the syscalls to add your recommendation for using "arch=b32" and
>> "arch=b64".
>
> Are there any public references to this standard?

No, there are not. The SECSCN Linux audit checking module was
something I hacked together in a vacuum a couple of years ago. The
"theory" was to try to satisfy DCID 6/3 auditing requirements at the
time. Not sure if the code has been modified since then; it was a
"best guess, first cut" standard at the time. I am checking with the
current development team to see if they've made any significant
changes since then.

Dave Muran-de Assereto