Joy Latten wrote:
> On Tue, 2006-10-03 at 15:18 -0400, Joshua Brindle wrote:
>
>>Joy Latten wrote:
>>
>>>>Before network labeling is completed we still need some work
>>>>implementing how we plan to audit configuration changes in ipsec
>>>>labeling decisions. I believe we agreed today that this auditing must
>>>>be done in kernelspace since we do not have fine grained enough controls
>>>>on netlink messages to allow for all of the auditing in userspace.
>>>
>>>I've talked to Klaus about what needs to be audited for ipsec and
>>>lspp compliance. I will begin work on a patch and get this out
>>>to the list as soon as I can. We will audit every time a policy is
>>>added/removed to/from the ipsec policy database.
>>
>>why not just auditallow all association setcontext?
>
> Dang! Why didn't I think of that! :-)
> Such a good idea. I will do a quick test and
> show Klaus and see if it all looks ok to him.
> Thanks!!!

If we go the auditallow route then we lose some audit record management
features, like the ability to enable/disable/search for these records,
don't we? Do we care?

-- ljk
