On 15/12/08, Steve Grubb wrote:
Hello,
I would like to point out 2 new standards that have been posted to the Linux
audit web page. The first establishes the events around system start up and
shutdown. This is important because it sets the session boundaries for when a
system is up or down or crashed.
http://people.redhat.com/sgrubb/audit/system-lifecycle.txt
A couple of very minor corrections to this first one:
--- system-lifecycle.txt.orig 2015-12-08 15:36:34.441782830 -0500
+++ system-lifecycle.txt 2015-12-08 15:38:10.763998066 -0500
@@ -62,7 +62,7 @@
/* boot */
audit_log_user_message (fd, AUDIT_SYSTEM_BOOT, "init", NULL, NULL, NULL, 1);
-/* run leve change */
+/* run level change */
snprintf (buf, sizeof (buf), "old-level=%c new-level=%c", old, level);
audit_log_user_message (fd, AUDIT_SYSTEM_RUNLEVEL, buf, NULL, NULL, NULL, 1);
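Review bot: The spelling fix in the `/* run level change */` comment is correct; while this passage is being touched, the standard could also state what `old` and `level` are expected to hold, since the adjacent `snprintf (buf, sizeof (buf), "old-level=%c new-level=%c", old, level);` formats each with `%c` and so expects a single character, which an implementer would otherwise have to infer from the format string.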
@@ -77,7 +77,7 @@
audit_log_user_message (fd, AUDIT_SERVICE_START, buf, NULL, NULL, NULL, 1);
free(buf);
-Service stop events should be the same os start with the exception of using
+Service stop events should be the same as start with the exception of using
AUDIT_SERVICE_STOP as the event type. If only the pid is available, record
that as "spid". There must be a way to compare start and stop records to see
that they balance. (There are as many starts as stops.)
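Review bot: The `os` to `as` fix reads correctly; the sentence "There must be a way to compare start and stop records to see that they balance" would be easier to act on if it named the field(s) a consumer is meant to match on, since the hunk only says that a bare pid is recorded as "spid" when nothing else is available and leaves implicit which key the start record carries when more than the pid is known.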
The second standard is more of a forward-looking standard. It explains how the
audit daemon and utilities will perform event enrichment before the events are stored
long term in an aggregator. The target for implementation is the 2.5 release
of the audit daemon.
http://people.redhat.com/sgrubb/audit/event-enrichment
How do you mean for the IP address to be "resolved"? Is this simply a
matter of recording it? Or would this be a reverse lookup on the local
machine to get the opinion of what it should be from the DNS perspective
of the local machine, assuming different machines in the logging domain
could potentially have different views of DNS?
Let me know if anyone has feedback on these standards, especially the second
one.
-Steve
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545