Hello,

I'm interested in defining a set of audit rules/watches that, when
loaded, cause audit to generate the set of auditable events required
by CAPP (CAPP, pp. 19-21).

I've consulted a variety of sources, including the CAPP specification
itself, the LAuS design document, and the LAuS filter.conf file
provided with our CAPP certification RPM. From that, I have a
configuration I believe to be fairly complete. However, the sources
seem to be in conflict on some parts, and none are a definitive
technical specification.

Is there a follow-on to the CAPP spec that provides a definitive
technical specification of the auditable events for Linux 2.6; for
instance, by listing the specific system calls?

Thanks,
Amy