[GIT PULL] Audit patches for v4.13
by Paul Moore
Hi Linus,
Things are relatively quiet on the audit front for v4.13, just five
patches for a total diffstat of 102 lines. There are two patches from
Richard to consistently record the POSIX capabilities and add the
ambient capability information as well. I also chipped in two patches
to fix a race condition with the auditd tracking code and ensure we
don't skip sending any records to the audit multicast group. Finally
a single style fix that I accepted because I must have been in a good
mood that day.
Everything passes our test suite, and should be relatively harmless,
please merge for v4.13.
Thanks,
-Paul
---
The following changes since commit 48d0e023af9799cd7220335baf8e3ba61eeafbeb:
audit: fix the RCU locking for the auditd_connection structure (2017-05-02 10:
16:05 -0400)
are available in the git repository at:
git://git.infradead.org/users/pcmoore/audit stable-4.13
for you to fetch changes up to cd33f5f2cbfaadc21270f3ddac7c3c33e0a1a28c:
audit: make sure we never skip the multicast broadcast
(2017-06-16 11:51:00 -0400)
----------------------------------------------------------------
Derek Robson (1):
audit: style fix
Paul Moore (2):
audit: fix a race condition with the auditd tracking code
audit: make sure we never skip the multicast broadcast
Richard Guy Briggs (2):
audit: unswing cap_* fields in PATH records
audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
kernel/audit.c | 61 +++++++++++++++++++++++++---------------------------
kernel/audit.h | 29 ++++++++++++++-------------
kernel/auditsc.c | 12 ++++++++---
3 files changed, 53 insertions(+), 49 deletions(-)
--
paul moore
www.paul-moore.com
7 years, 4 months
AUDIT YUM
by warron.french
Is there an audit system call associated with the use of rpm or yum?
Or is it best to setup a watch rule for both executables?
--------------------------
Warron French
7 years, 4 months