On Monday 26 November 2007 11:47:09 am Joy Latten wrote:
> Paul Moore [EMAIL PROTECTED] wrote on 11/21/2007 03:34:31 PM:
> > I just noticed that the IPsec auditing code does not appear to audit the
> > netmask for the selector source and destination addresses in
> > xfrm_audit_common_policyinfo(). Before I threw a patch together I thought I
> > would check to see if there was a reason for this that I am missing ...
>
> I don't think we ever discussed including netmask when we added the
> ipsec audit info...

Hmmm ... okay. I'm almost certain it should be included when auditing changes
to the SPD as the netmask/prefixlen is very important when considering which
traffic will be matched by a particular SPD entry.
I'm working on a patch now.
--
paul moore
linux security @ hp
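
The point made in the message above, as an added example that is not part of the original thread and is not kernel code: two selectors with the same address but different prefix lengths match different traffic, yet produce identical audit text when the prefix length is left out. The `sel4` struct, the function names and the `src=`/`src_prefixlen=` field names are hypothetical, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical IPv4 selector: address in host byte order plus prefix length. */
struct sel4 { uint32_t addr; unsigned prefixlen; };

/* Netmask for a prefix length; a prefix length of 0 matches every address. */
static uint32_t mask4(unsigned prefixlen)
{
    if (prefixlen == 0) return 0;
    if (prefixlen >= 32) return 0xffffffffu;
    return 0xffffffffu << (32 - prefixlen);
}

/* Return 1 if ip falls inside the selector's network, else 0. */
int sel4_match(const struct sel4 *s, uint32_t ip)
{
    uint32_t m = mask4(s->prefixlen);
    return (ip & m) == (s->addr & m);
}

/* Format the selector for an audit record (illustrative field names).
 * With with_prefix == 0 the prefix length is dropped from the record. */
int sel4_audit(char *buf, size_t len, const struct sel4 *s, int with_prefix)
{
    int n = snprintf(buf, len, "src=%u.%u.%u.%u",
                     (unsigned)(s->addr >> 24), (unsigned)(s->addr >> 16) & 0xff,
                     (unsigned)(s->addr >> 8) & 0xff, (unsigned)s->addr & 0xff);
    if (with_prefix && n > 0 && (size_t)n < len)
        n += snprintf(buf + n, len - n, " src_prefixlen=%u", s->prefixlen);
    return n;
}

/* Return 1 if both selectors yield identical audit text. */
int sel4_audit_same(const struct sel4 *a, const struct sel4 *b, int with_prefix)
{
    char x[64], y[64];
    sel4_audit(x, sizeof x, a, with_prefix);
    sel4_audit(y, sizeof y, b, with_prefix);
    return strcmp(x, y) == 0;
}

int main(void)
{
    /* Constructed sample: 10.0.0.0/8 versus 10.0.0.0/24, probe 10.1.2.3. */
    struct sel4 wide = { 0x0a000000u, 8 }, narrow = { 0x0a000000u, 24 };
    printf("match /8=%d /24=%d\n", sel4_match(&wide, 0x0a010203u),
           sel4_match(&narrow, 0x0a010203u));
    printf("same text without prefixlen=%d, with=%d\n",
           sel4_audit_same(&wide, &narrow, 0), sel4_audit_same(&wide, &narrow, 1));
    return 0;
}
```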