New field to auditd.conf file
Deepika Sundar
sundar.deepika18 at gmail.com
Mon Apr 25 06:56:07 UTC 2016
I wanted to add the namespace information in the audit record for example
pid_ns,user_ns,net_ns ,Is there any possibility to add this field inside
Audit structure?
On Thu, Apr 21, 2016 at 6:28 PM, Paul Moore <pmoore at redhat.com> wrote:
> As we've already mentioned several times, we can make no guarantees
> regarding functionality or compatibility without seeing your code.
> While it may be frustrating, this is how Open Source development
> works.
>
> If you are interested in our help you will need to describe, in
> detail, what you are trying to do and ideally post your existing code
> so it can be reviewed.
>
> On Thu, Apr 21, 2016 at 1:25 AM, Deepika Sundar
> <sundar.deepika18 at gmail.com> wrote:
> > Okay,If I update the Ausearch/aureport in order to aware of the new
> field in
> > the audit log structure can it be feasible one?
> >
> > On Wed, Apr 20, 2016 at 6:00 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> >>
> >> On Wednesday, April 20, 2016 10:05:42 AM Deepika Sundar wrote:
> >> > In general way,Is there any compatibility issues if audit log
> structure
> >> > gets modified?
> >>
> >> Yes, there can be problems if the log structure gets modified.
> >> Ausearch/report
> >> are highly optimized for an exact format.
> >>
> >> -Steve
> >>
> >>
> >> > On Wed, Apr 13, 2016 at 6:01 PM, Steve Grubb <sgrubb at redhat.com>
> wrote:
> >> > > On Wednesday, April 13, 2016 11:03:43 AM Deepika Sundar wrote:
> >> > > > As per my understanding audit log structure can be extendible
> based
> >> > > > on
> >> > > > requirements and in my project I need to add the identifier field
> >> > > > for
> >> > > > the
> >> > > > application and as of now I couldn't able to revel the What
> >> > > > application
> >> > > > trying to develop to update.So,Is there any possibility that
> without
> >> > > > breaking any Compatibility issues I can do it ?
> >> > >
> >> > > I have no idea what you are doing so there is no guarantee that it
> >> > > won't
> >> > > break
> >> > > something. If your project is going to be released as open source
> its
> >> > > generally best to collaborate with people so that problems can be
> >> > > pointed
> >> > > out.
> >> > > Otherwise you risk spending a lot of time on something only to have
> it
> >> > > rejected.
> >> > >
> >> > > -Steve
> >> > >
> >> > > > OR If any compatibility issues please specify .
> >> > > >
> >> > > > On Fri, Apr 8, 2016 at 12:12 AM, Paul Moore <paul at paul-moore.com>
> >> > > > wrote:
> >> > > > > On Thu, Apr 7, 2016 at 12:47 AM, Deepika Sundar
> >> > > > >
> >> > > > > <sundar.deepika18 at gmail.com> wrote:
> >> > > > > > In the same way, in the kernel side
> >> > > > > > Can I able to add one new field to the audit log structure
> >> > > > > > without
> >> > > > >
> >> > > > > breaking
> >> > > > >
> >> > > > > > Compatibility? If so,
> >> > > > > >
> >> > > > > > 1.How can I add new field without breaking compatibility?
> >> > > > > >
> >> > > > > > or
> >> > > > > >
> >> > > > > > 2.Is there any reserve field in audit log structure so that
> I
> >> > > > > > can
> >> > >
> >> > > make
> >> > >
> >> > > > > use
> >> > > > >
> >> > > > > > of it?
> >> > > > >
> >> > > > > You need to be more specific about what you are trying to do.
> >> > > > > Speaking generally, unless you work to get your changed merged
> >> > > > > into
> >> > > > > the upstream kernel and userspace tools we cannot guarantee
> >> > > > > present or
> >> > > > > future compatibility.
> >> > > > >
> >> > > > > --
> >> > > > > paul moore
> >> > > > > www.paul-moore.com
> >>
> >
> >
> > --
> > Linux-audit mailing list
> > Linux-audit at redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
>
>
>
> --
> paul moore
> security @ redhat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160425/882d2b01/attachment.htm>
More information about the Linux-audit
mailing list