Re: integrity: audit
On Friday 06 February 2009 11:15:14 am Mimi Zohar wrote:
The integrity auditing discussions took place a while ago in August
2007
(http://osdir.com/ml/linux.redhat.security.audit/2007-09/msg00007.html).
Thanks for the refresh. Its been so long, I forgot about this. :) Re-reading
the thread, we never had closure on the audit event format.
The integrity patches are in security-testing-2.6/#next and the
auditd
patch I just posted to linux-audit. How do you suggest we go forward?
We need to go over the event format and make sure its got everything we need
in it. We also need to review the code that touches the audit system and make
sure its using the audit API the way we intended. I'd like to do this on the
linux-audit mail list so there is a record of it in the audit archives.
Thanks,
-Steve