New draft standards
Paul Moore
paul at paul-moore.com
Tue Dec 8 19:58:18 UTC 2015
On Tue, Dec 8, 2015 at 2:22 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> Hello,
>
> I would like to point out 2 new standards that have been posted to the linux
> audit web page. The first establishes the events around system start up and
> shutdown. This is important because it sets the session boundaries for when a
> system is up or down or crashed.
>
> http://people.redhat.com/sgrubb/audit/system-lifecycle.txt
>
> The second standard is more of a forward looking standard. It explains how the
> audit daemon and utilities will perform event enrichment before being stored
> long term in an aggregator. The target for implementation is the 2.5 release
> of the audit daemon.
>
> http://people.redhat.com/sgrubb/audit/event-enrichment
>
> Let me know if anyone has feedback on these standards, especially the second
> one.
Were these two specification documents created based on published
standards from an established standards body, e.g. NIST, IETF, etc?
If so, I think it would be helpful for you to reference the published
standard in your documents. If these specifications are an early
draft standard intended to be submitted to a standards body then I
would recommend mentioning the intended group in the document.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list