Kernel auditing code reference?

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Kernel auditing code reference?

Kernel auditing code reference?

2005-10-06 - By Stephen J. Smoogen

Back

Reply: 1 2 3 4

On 10/5/05, Shaw, Marco <Marco.Shaw@(protected)> wrote:
> I'm curious to know what this 'kernel auditing code' is.
>
> I guess it is something recently implemented. I tried
> goggling for it, but the only thing coming up is a recent
> denial of service issue.
>
> Apart from going through the source, anyone know of any good
> sites that talk about it?
>

Depending on the version of Enterprise Linux you are using, there are
2 different auditing cores. In Red Hat Enterprise 3 there is LAUS
which was implemented by Rik Faith and some others. In RHEL 4U2 there
is auditd which is another implementation. Both are meant to implement
auditing of objects (was this file opened, was this file closed, did
they have privs, etc) for CAPP and other security regimes.

--
Stephen J Smoogen.
CSIRT/Linux System Administrator

--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list