integrity: audit
This patch adds support to auditd for integrity messages, which are
issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
Signed-off-by: Mimi Zohar
Index: audit-1.7.11/src/ausearch-parse.c
The original patch added support to auditd for integrity messages, which
are issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
This patch adds support for the new AUDIT_INTEGRITY_RULE message.
Signed-off-by: Mimi Zohar
Index: audit-1.7.11/src
On Friday 06 February 2009 07:43:50 am Mimi Zohar wrote:
> This patch adds support to auditd for integrity messages, which are
> issued as a result of the integrity patchset that was applied to the
> security-testing-2.6/#next tree.
>
> Signed-off-by: Mimi Zohar
NACK to anything around this. So f
On Fri, 2009-02-06 at 10:01 -0500, Steve Grubb wrote:
> On Friday 06 February 2009 07:43:50 am Mimi Zohar wrote:
> > This patch adds support to auditd for integrity messages, which are
> > issued as a result of the integrity patchset that was applied to the
> > security-testing-2.6/#next tree.
> >
On Friday 06 February 2009 11:15:14 am Mimi Zohar wrote:
> The integrity auditing discussions took place a while ago in August 2007
> (http://osdir.com/ml/linux.redhat.security.audit/2007-09/msg7.html).
Thanks for the refresh. Its been so long, I forgot about this. :) Re-reading
the thread,
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
Signed-off-by: Mimi Zohar
---
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 930939a..4fa2810 100644
--- a/include/linux/audit.h
+++ b/include/linux/aud
On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
> - Force audit result to be either 0 or 1.
> - make template names const
> - Add new stand-alone message type: AUDIT_INTEGRITY_RULE
OK, I think this patch fixes the problems from 2/8. Were you going to combine
them for a new 2/8 or just ap
On Tue, 2009-02-10 at 17:00 -0500, Steve Grubb wrote:
> On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
> > - Force audit result to be either 0 or 1.
> > - make template names const
> > - Add new stand-alone message type: AUDIT_INTEGRITY_RULE
>
> OK, I think this patch fixes the problems
On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
> - Force audit result to be either 0 or 1.
> - make template names const
> - Add new stand-alone message type: AUDIT_INTEGRITY_RULE
>
> Signed-off-by: Mimi Zohar
Acked-by: Steve Grubb
> ---
> diff --git a/include/linux/audit.h b/include/
Hi Mimi,
In integrity audit message function the inverse of "result" is being
logged for "res=". Please see below. Is this intentional?
void integrity_audit_msg(int audit_msgno, struct inode *inode,
const unsigned char *f
On 6/6/20 6:51 PM, Mimi Zohar wrote:
Hi Lakshmi,
The commit message provides an explanation. Look at b0d5de4d5880 ("IMA: fix
audit res field to indicate 1 for success and 0 for failure").
Thanks for the info Mimi.
If this function logs the "result" parameter as passed by the caller,
the au
Hi Lakshmi,
On Fri, 2020-06-05 at 20:13 -0700, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
>
> In integrity audit message function the inverse of "result" is being
> logged for "res=". Please see below. Is this intentional?
>
> void integrity_audit_ms
12 matches
Mail list logo
