Re: [RFC][PATCH 0/3][REVISED] CAPP-compliant file system auditing
linux-audit-bounces(a)redhat.com wrote on 03/31/2005 04:46:29 PM:
.:: Introduction ::.
The audit subsystem is currently incapable of auditing a file system
object
based on its location and name. This is critical for auditing
well-defined
and security-relevant files such as /etc/shadow, where auditing on
inode
and
device is fallible. This patch adds the necessary functionality to
the
audit
subsystem and VFS to support file system auditing in which an object
is
audited based on its location and name.
The patch is split in two.
The first patch is the implementation of file system auditing. The
bulk of it
resides in kernel/auditfs.c. It is accompanied by a functional overview
of
the design in the next message.
The second patch consists of file system hooks. I anticipate some
discussion
with regards to them and wanted to provide some context around their
placements and purpose.
----
There... is that succinct enough?
Yes, much much better. consice, clear and to the point.
You might say it is succinct.
-tim
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit