AUDIT_NETFILTER_PKT message format
Paul Moore
paul at paul-moore.com
Sat Jan 21 17:37:50 UTC 2017
On Sat, Jan 21, 2017 at 6:27 AM, Patrick PIGNOL
<patrick.pignol at gmail.com> wrote:
> Hi all,
>
> I disagree !
>
> Many people in the world would like to allow an software A to go to internet
> through OUTPUT TCP port 80 but disallow software B to go to the internet
> through this same OUTPUT TCP port 80. Don't you know about viruses on linux
> ? Viruses ALWAYS use HTTP/HTTPS ports to get payloads on internet and OUTPUT
> TCP port 443 COULD NOT be CLOSED for ALL SOFTWARE if you want to access
> internet services (via internet browsers for example).
The Linux audit subsystem simply logs system events, it does not
enforce security policy. I suggest you investigate the different
Linux firewall tools and LSMs, e.g. SELinux, as they should help you
accomplish what you describe.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list