On Sat, Jan 21, 2017 at 6:27 AM, Patrick PIGNOL
<patrick.pignol(a)gmail.com> wrote:
> Hi all,
> I disagree!
> Many people in the world would like to allow a software A to go to the internet
> through OUTPUT TCP port 80 but disallow software B to go to the internet
> through this same OUTPUT TCP port 80. Don't you know about viruses on Linux?
> Viruses ALWAYS use HTTP/HTTPS ports to get payloads on the internet and OUTPUT
> TCP port 443 COULD NOT be CLOSED for ALL SOFTWARE if you want to access
> internet services (via internet browsers for example).

The Linux audit subsystem simply logs system events; it does not
enforce security policy. I suggest you investigate the different
Linux firewall tools and LSMs, e.g. SELinux, as they should help you
accomplish what you describe.
--
paul moore
www.paul-moore.com