| Enhancing Rik's framework with LAuS code is really the best
| choice in my opinion.
So what are the low-level advantages of Rik's framework over LAuS,
again? Just the low free trapping of syscalls in the non-audited
case, and its current acceptance into the 2.6 line?
What kind of userland tools are necessary now to really make audit.rik
useful?
I do not know the technical details of the various implementations well
enough to compare them.
I have two things on my mind... ok let's say three:
- LAuS passed EAL3
- Rik's audit system is in the mainline kernel
- Rik's audit system is relatively small
If we combine them we have one standard audit subsystem, that is
maintained by the community, and will be CC compliant.
I also see the technical advantage of SELinux concerning filenames and the
tricks that can be played with them...
Bye,
Thomas
--
Thomas Biege <thomas(a)suse.de>, SUSE LINUX AG, Security Support & Auditing
--
Anyone who considers arithmetical methods of producing
random numbers is, of course, in a state of sin.
-- John von Neumann