[PATCH 0/5] Build time disabling of auditd network listener

Tyler Hicks tyhicks at canonical.com
Mon Sep 10 18:39:10 UTC 2012


On 2012-08-01 00:00:19, Tyler Hicks wrote:
> Hello Steve - This is a patch set that allows --disable-listener to be passed
> to the configure script to disable the auditd network listener code at build
> time. The reasoning is that a large number of users do not need centralized
> audit logging and removing the network listening code from a root-owned auditd
> process is appealing from a security perspective.
> 
> The existing implementation clearly does not initialize the listener when
> tcp_listen_port is undefined in auditd.conf, but I still think there is value
> in not having the listening code present in all auditd installations.

Hi Steve - Do you have any thoughts on this idea? Thanks!

Tyler

> 
> The first three patches in the set are refactoring patches to move nearly all of
> the listening code into auditd-listen.c in order to minimize the number of
> ifdefs that would need to be scattered throughout C source files. The fourth
> patch is an optional cleanup patch. The last patch introduces the
> --disable-listener option.
> 
> The auditd listener code is still enabled by default so that existing distro
> packaging recipes will not need to be updated.
> 
> I look forward to your feedback. Thanks!
> 
> Tyler
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
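The cover letter notes that the listener only starts when tcp_listen_port is defined in auditd.conf. As an added defender-side check (my example, not part of this patch set or the audit project), the script below reports whether an installation would start the listener according to its config and whether a running auditd actually owns a LISTEN socket; the config path, the `ss -ltnp` column format and the sample inputs are assumptions.

```shell
#!/bin/sh
# Added example, not code from the audit project: two checks for whether an
# auditd installation has its network listener active. Paths and sample
# inputs are constructed for illustration.

# Print the tcp_listen_port value from an auditd.conf; exit 1 if it is unset.
# Commented-out lines such as "#tcp_listen_port = 60" are ignored.
listener_port() {
    sed -n -E 's/^[[:space:]]*tcp_listen_port[[:space:]]*=[[:space:]]*([0-9]+).*$/\1/p' "$1" \
        | head -n 1 | grep .
}

# Given saved `ss -ltnp` output, succeed if an auditd process owns a LISTEN socket.
auditd_listening() {
    grep -q 'users:(("auditd"' "$1"
}

# Report on a live host; the process column of ss needs root to be populated.
report() {
    conf="${1:-/etc/audit/auditd.conf}"   # assumed default location
    if port=$(listener_port "$conf"); then
        echo "config: tcp_listen_port = $port (listener would start)"
    else
        echo "config: no tcp_listen_port (listener stays disabled)"
    fi
    if command -v ss >/dev/null 2>&1; then
        out=$(mktemp)
        ss -ltnp > "$out" 2>/dev/null
        if auditd_listening "$out"; then
            echo "socket: auditd has a LISTEN socket"
        else
            echo "socket: no auditd LISTEN socket"
        fi
        rm -f "$out"
    fi
}

# Usage: sh check-auditd-listener.sh /etc/audit/auditd.conf
if [ -n "${1:-}" ]; then
    report "$1"
fi
```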