Steve Grubb wrote:
On Friday 22 September 2006 13:38, Paul Moore wrote:
>In order to meet certain certification requirements, the NetLabel kernel
>subsystem needs to write a small number of audit messages.
What are the requirements you are addressing? (I have a feeling that it's
similar to what we have to do to file systems.)
This is for LSPP certification, directly from our evaluator. If it is
important that you know the exact requirement in CC terms I can dig that
up. The basic motivation is that we need to generate an audit record
whenever there is a security relevant configuration change.
>For the messages themselves, here is what I was thinking:
>
> "netlabel: <protocol> op=<operation> pid=<pid> tty=<tty> comm=<name>
> exe=<path> uid=<uid> auid=<auid> euid=<euid> suid=<suid>
> fsuid=<fsuid> gid=<gid> egid=<euid> sgid=<suid>
> fsgid=<fsuid> [<cipsov4 extras>|<managment extras>]"
This looks very much like a syscall record...would it make sense to do this as
an aux record?
It looks like this is going to be discussed on irc.
--
paul moore
linux security @ hp