--- Steve Grubb <sgrubb(a)redhat.com> wrote:
Based on previous discussions, I think this would be
required for LSPP. If we
are going for LSPP after meeting CAPP, it wouldn't
be bad to start getting
some things in place.
Capabilties are fun in a CAPP environment, too.
The Irix CAPP system (for example) uses
capabilities and yes, they go in the audit trail
along with an indication of which capabilities were
required to perform the action, if any.
This is probably a bit late in the discussion,
but have y'all considered using a tokenized audit
record format? If you did you wouldn't have to
care if any given bit of information was there
just yet, or allocate a place for things that
might or might not be there someday. Both Solaris
and Irix use tokenized schemes to effect.
=====
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com