Hello,
I am in the process of reviewing the requirements for the next round of
development for the audit system. I've worked out a rough schedule for the
user space side of things. I will produce more documentation over the next
couple of days describing what is needed and what would be nice to add. I
would like for this to be an open discussion among all parties as this
affects the whole Linux community.

The rough schedule for the next series goes something like this:

1.1 -> 1.2 event dispatcher, plugin framework, and some basic plugins
1.2 -> 1.3 label support + more plugins
1.3 -> 1.4 add new config options, summary reports, binary format
1.4 -> 1.5 audit explorer & gui config

There are several reasons for doing plugins first. This is partly due to the
limited time of the people working on it, and also to give file system auditing
a chance to get upstream. This way we are working in parallel.

If you have ideas about nice things to add, let's start the discussion. We
don't need to talk about LSPP as that will be by-the-book. (I want that
discussion to be its own thread, but not yet. This is just pie in the sky
planning.) I'm looking for usability and neat-to-have items.

Another thing I'd like to point out is that the plugin architecture will let
us eventually layer an IDS on top of the audit system. This is a long range
goal that will take some time to get to.
-Steve