Linda Knippers wrote:
Joy Latten wrote:
On Tue, 2006-10-03 at 15:18 -0400, Joshua Brindle wrote:
Joy Latten wrote:

Before network labeling is completed we still need some work
implementing how we plan to audit configuration changes in ipsec
labeling decisions. I believe we agreed today that this auditing must
be done in kernelspace since we do not have fine grained enough controls
on netlink messages to allow for all of the auditing in userspace.
I've talked to Klaus about what needs to be audited for ipsec and
lspp compliance. I will begin work on a patch and get this out
to the list as soon as I can. We will audit every time a policy is
added/removed to/from the ipsec policy database.

why not just auditallow all association setcontext?

Dang! Why didn't I think of that! :-)
Such a good idea. I will do a quick test and
show Klaus and see if it all looks ok to him.
Thanks!!!

If we go the auditallow route then we lose some audit record management
features, like the ability to enable/disable/search for these records,
don't we? Do we care?

enable and disable with a boolean
searching? surely you can search avc records..
--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
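
Added example, not part of the thread or of any project's code: a minimal search over AVC records for `setcontext` on the `association` class, the kind of record an `auditallow` rule would log as `granted`. The log lines, contexts and function names are constructed for illustration.

```python
import re

# Constructed sample audit.log lines (assumed values, not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1159903080.101:210): avc:  granted  { setcontext } for  pid=2101 comm="setkey" scontext=root:sysadm_r:setkey_t:s0 tcontext=system_u:object_r:ipsec_spd_t:s0 tclass=association
type=AVC msg=audit(1159903081.412:211): avc:  denied  { read } for  pid=2200 comm="cat" name="shadow" scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1159903090.007:215): avc:  denied  { setcontext } for  pid=2300 comm="racoon" scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
type=SYSCALL msg=audit(1159903090.007:215): arch=40000003 syscall=102 success=no exit=-13 pid=2300 comm="racoon"
"""

# Header of an AVC record: timestamp, serial, granted/denied, permission set.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
# key=value pairs after "for"; values may be double-quoted and contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC record, or None for any other record type."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "serial": int(m["serial"]),
           "result": m["result"], "perms": m["perms"].split()}
    for key, val in FIELD_RE.findall(m["fields"]):
        rec[key] = val.strip('"')
    return rec


def find_setcontext(log_text, result=None):
    """AVC records for association:setcontext; result may be 'granted' or 'denied'."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("tclass") != "association":
            continue
        if "setcontext" not in rec["perms"]:
            continue
        if result is None or rec["result"] == result:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in find_setcontext(SAMPLE_LOG):
        print(r["serial"], r["result"], r["comm"], r["scontext"], r["tcontext"])
```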