[PATCHv2] netfilter: audit target to record accepted/dropped packets
Eric Paris
eparis at parisplace.org
Fri Jan 14 19:24:10 UTC 2011
On Fri, Jan 14, 2011 at 2:18 PM, Jan Engelhardt <jengelh at medozas.de> wrote:
(The reason for audit's existence still eludes me..)
audit exists because a very large number of gov't customers (Not just
USA) have special requirements about how 'relevant' information is
gathered and stored. They require centralization and standardization
and require pretty formal documentation describing it's operation.
The gov't certification authority has recently added a requirement
that they be able to log 'illegal attempted network connections' via
the approved audit facility. Thus, this patch.
-Eric
More information about the Linux-audit
mailing list