On 07/05/14 05:28 AM, Connor Behan wrote:
> On 07/05/14 01:07 AM, Daniel Micay wrote:
>> Sadly, the `perf trace` command has a dependency on libaudit for a few
>> convenience functions. I'm curious about what people feel the best
>> approach would be here... adding back audit to [community] is ugly since
>> it's not going to work, but building it and statically linking it in the
>> linux-tools package is overly complex.
>>
>> The lesser evil seems to be adding only a libaudit package... but it's
>> still not going to work if someone tries to use it for what it's
>> intended to do. I'll probably go with this if there's no saner idea.
> Why not enable audit in your linux-grsec package? Then you can make
> linux-grsec an optional dependency of the audit userspace tools for
> people who want to use more than just the convenience functions. I still
> have an occasional use for audit and the overhead it adds to the kernel
> is negligible compared to grsecurity itself.

RBAC also allows quite a bit of auditing with the grsecurity audit infrastructure. You can audit attempts to make use of a certain path, capability, IP protocol, etc. Of course, this assumes you have a basic working RBAC policy for tacking on allowed + audited policies or disallowed + audited policies. So CONFIG_AUDIT=Y is a lot less useful.