3.8.13.14 -stable review patch. If anyone has any objections, please let me
know.
--
From: Tyler Hicks
commit 0868a5e150bc4c47e7a003367cd755811eb41e0b upstream.
When the audit=1 kernel parameter is absent and auditd is not running,
AUDIT_USER_AVC messages are being silently d
Quoting Gao feng (gaof...@cn.fujitsu.com):
> Here is the v1 patchset: http://lwn.net/Articles/549546/
>
> The main target of this patchset is allowing user in audit
> namespace to generate the USER_MSG type of audit message,
> some userspace tools need to generate audit message, or
> these tools w
ALCON,
We have a Centos machine running Centos 6 and it uses mysql. When a
standard user operates the system, our /var/log/messages gets filled up
with around 2gb of audit data rather quickly. Here is the audit.
Dec 6 15:22:12 aaa-bbb audispd: node=aaa-bbb.ccc.ddd.eee type=SYSCALL
msg=audit(1386
Quoting Gao feng (gaof...@cn.fujitsu.com):
> Since there is no more place for flags of clone system call.
> we need to find a way to create audit namespace.
>
> this patch add a new type of message AUDIT_CREATE_NS.
> user space can create new audit namespace through
> netlink.
>
> Right now, The
Quoting Gao feng (gaof...@cn.fujitsu.com):
> Hi
>
> On 10/24/2013 03:31 PM, Gao feng wrote:
> > Here is the v1 patchset: http://lwn.net/Articles/549546/
> >
> > The main target of this patchset is allowing user in audit
> > namespace to generate the USER_MSG type of audit message,
> > some usersp
This is a note to let you know that I have just added a patch titled
audit: printk USER_AVC messages when audit isn't enabled
to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree
which can be found at:
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/
Quoting Gao feng (gaof...@cn.fujitsu.com):
> 1, remove the permission check of pid namespace. it's no reason
>    to deny un-init pid namespace to operate audit subsystem.
>
> 2, only allow init user namespace and init audit namespace to
>    operate list/add/del rule, tty set, trim, make equiv op
On Friday, December 06, 2013 03:34:27 PM Derek Warner wrote:
> ALCON,
>
> We have a Centos machine running Centos 6 and it uses mysql. When a
> standard user operates the system, our /var/log/messages gets filled up
> with around 2gb of audit data rather quickly. Here is the audit.
>
> Dec 6 15:
Steve,
This machine is on Marine Corps network and is undergoing DISA RHEL 5 STIG.
We have a software package called CAARS which is simply an "After Action
Review" suite of software. The CAARS grabs events from the simulation,
audio, and a host of other items to enable the soldier to quickly put
to
On Mon, Dec 02, 2013 at 01:10:39PM -0800, William Roberts wrote:
> During an audit event, cache and print the value of the process's
> cmdline value (proc/<pid>/cmdline). This is useful in situations
> where processes are started via fork'd virtual machines where the
> comm field is incorrect. Often tim
On Monday, December 09, 2013 10:20:41 AM Derek Warner wrote:
> How did you "interpret" the log setting to retrieve the syscall
> "sched_setparam"?
I copied the text and ran it through ausearch with the '-i' commandline
option.
> Anyhow I am not sure why we want this, I have no idea what the
> s
I get it. Is this something that is identified for a fix in RHEL? Since
RHEL ports the mysql would it be mysql that provides the fix or RHEL?
V/R
Derek
Derek Warner – CISSP-ISSEP
Information System Security Engineer
Riptide Software
w- 321-296-0068 x 136
c- 407-716-9223
derek.war...@riptid
Steve,
Thanks again, I am really trying to get my linux skills sharpened as I have
been unfortunately raised in the windows world. It does pay the bills
though.
V/R
Derek Warner – CISSP-ISSEP
Information System Security Engineer
Riptide Software
w- 321-296-0068 x 136
c- 407-716-9223
derek.
On Monday, December 09, 2013 10:34:49 AM Derek Warner wrote:
> Is this something that is identified for a fix in RHEL?
No. I did report it and it was worked on Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=477624
> Since RHEL ports the mysql would it be mysql that provides the fix or RHEL?
Quoting Gao feng (gaof...@cn.fujitsu.com):
> On 12/07/2013 06:10 AM, Serge E. Hallyn wrote:
> > Quoting Gao feng (gaof...@cn.fujitsu.com):
> >> Since there is no more place for flags of clone system call.
> >> we need to find a way to create audit namespace.
> >>
> >> this patch add a new type of m
Quoting Gao feng (gaof...@cn.fujitsu.com):
> On 12/07/2013 06:12 AM, Serge E. Hallyn wrote:
> > Quoting Gao feng (gaof...@cn.fujitsu.com):
> >> Hi
> >>
> >> On 10/24/2013 03:31 PM, Gao feng wrote:
> >>> Here is the v1 patchset: http://lwn.net/Articles/549546/
> >>>
> >>> The main target of this pat
On 13/12/05, Eric Paris wrote:
> I know we talked about this patch, and it seemed like a good idea at the
> time, but honestly, these races are so rare, it isn't worth the code
> complexity. I tried to simplify the readability of your code and got
> something better, but still the loop is needless
On 12/10/2013 01:53 AM, Serge Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> On 12/07/2013 06:10 AM, Serge E. Hallyn wrote:
>>> Quoting Gao feng (gaof...@cn.fujitsu.com):
Since there is no more place for flags of clone system call.
we need to find a way to create audit name
18 matches