On Tue, Oct 17, 2017 at 12:01 PM, Steve Grubb wrote:
> On Tuesday, October 17, 2017 11:11:31 AM EDT Paul Moore wrote:
>> On Mon, Oct 16, 2017 at 6:28 PM, Steve Grubb wrote:
>> > On Monday, October 16, 2017 6:06:47 PM EDT Steve Grubb wrote:
>> >> > > +/* Log information about who is connecting to
On Tuesday, October 17, 2017 11:11:31 AM EDT Paul Moore wrote:
> On Mon, Oct 16, 2017 at 6:28 PM, Steve Grubb wrote:
> > On Monday, October 16, 2017 6:06:47 PM EDT Steve Grubb wrote:
> >> > > +/* Log information about who is connecting to the audit multicast
> >> > > socket
> >> > > */ +static voi
On Mon, Oct 16, 2017 at 6:28 PM, Steve Grubb wrote:
> On Monday, October 16, 2017 6:06:47 PM EDT Steve Grubb wrote:
>> > > +/* Log information about who is connecting to the audit multicast
>> > > socket
>> > > */ +static void audit_log_multicast_bind(int group, const char *op, int
>> > > err) +{
On Mon, Oct 16, 2017 at 7:04 PM, Richard Guy Briggs wrote:
> To use the AUDIT_TASK record idea, a local audit context would need to
> be created and used for the AUDIT_CONFIG_CHANGE and AUDIT_TASK records
> only.
For the record, the more I think about the AUDIT_TASK record idea, the
more I'm sour
On Mon, Oct 16, 2017 at 6:06 PM, Steve Grubb wrote:
> On Monday, October 16, 2017 5:35:55 PM EDT Paul Moore wrote:
>> On Fri, Oct 13, 2017 at 3:58 PM, Steve Grubb wrote:
>> > Log information about programs connecting and disconnecting to the audit
>> > netlink multicast socket. This is needed so
On Monday, October 16, 2017 7:04:14 PM EDT Richard Guy Briggs wrote:
> On 2017-10-16 22:28, Steve Grubb wrote:
> > On Monday, October 16, 2017 6:06:47 PM EDT Steve Grubb wrote:
> > > > > +/* Log information about who is connecting to the audit multicast
> > > > > socket
> > > > > */ +static void au
On 2017-10-16 22:28, Steve Grubb wrote:
> On Monday, October 16, 2017 6:06:47 PM EDT Steve Grubb wrote:
> > > > +/* Log information about who is connecting to the audit multicast
> > > > socket
> > > > */ +static void audit_log_multicast_bind(int group, const char *op, int
> > > > err) +{
> > > > +
On Monday, October 16, 2017 6:06:47 PM EDT Steve Grubb wrote:
> > > +/* Log information about who is connecting to the audit multicast
> > > socket
> > > */ +static void audit_log_multicast_bind(int group, const char *op, int
> > > err) +{
> > > + const struct cred *cred;
> > > + struct
On Monday, October 16, 2017 5:35:55 PM EDT Paul Moore wrote:
> On Fri, Oct 13, 2017 at 3:58 PM, Steve Grubb wrote:
> > Log information about programs connecting and disconnecting to the audit
> > netlink multicast socket. This is needed so that during investigations a
> > security officer can tell
On Fri, Oct 13, 2017 at 3:58 PM, Steve Grubb wrote:
> Log information about programs connecting and disconnecting to the audit
> netlink multicast socket. This is needed so that during investigations a
> security officer can tell who or what had access to the audit trail. This
> helps to meet the
On 2017-10-16 18:56, Richard Guy Briggs wrote:
> On 2017-10-13 19:58, Steve Grubb wrote:
> > Log information about programs connecting and disconnecting to the audit
> > netlink multicast socket. This is needed so that during investigations a
> > security officer can tell who or what had access to
On 2017-10-13 19:58, Steve Grubb wrote:
> Log information about programs connecting and disconnecting to the audit
> netlink multicast socket. This is needed so that during investigations a
> security officer can tell who or what had access to the audit trail. This
> helps to meet the FAU_SAR.2 req
Log information about programs connecting and disconnecting to the audit
netlink multicast socket. This is needed so that during investigations a
security officer can tell who or what had access to the audit trail. This
helps to meet the FAU_SAR.2 requirement for Common Criteria. Sample
event:
typ
13 matches