I have submitted a proposal for a BOF to describe the audit subsystem to the Linux Symposium in Ottawa which was accepted and I am about to submit (already late) the following abstract: The purpose of this BOF is to discuss the current implementation of the audit subsystem. Based on the audit infrastructure developed by Rick Faith, the current implementation added several functions to make the audit compliant with the Common Criteria Controlled Access Protection Profile (CAPP). For example, file system auditing was added, the audit context structure was expanded, id inheritance was fixed, etc... In addition, user-space programs and libraries have been re-written completing the CAPP requirements as well as providing ease of use to the administrator. A general description of the audit subsystem will start this BOF, followed by how to configure the daemon, set the filtering rules and use the search utilities. Time permitting, we'll share some experience and discuss future development. If anyone would like to cooperate in conducting this meeting and/or see changes/additions to this abstract, please let me know as soon as you can. The abstract was due today. Mounir Bsaibes Linux Security Tel: (512) 838-1301 Cell: (512) 762-9957 Fax: (512) 838-8858 e-mail: bsaibes(a)us.ibm.com