Re: [PATCH 3/6 RFC] netfilter: audit only on xtables and ebtables syscall rule or standalone

2017-06-02 Thread Paul Moore
On Wed, May 24, 2017 at 2:09 PM, Richard Guy Briggs wrote:
> On 2017-05-24 19:36, Pablo Neira Ayuso wrote:
>> On Thu, May 18, 2017 at 01:21:49PM -0400, Richard Guy Briggs wrote:
>> > There were syscall events unsolicited by any audit rule caused by a missing
>> > !audit_dummy_context() check befor

Re: [PATCH 3/6 RFC] netfilter: audit only on xtables and ebtables syscall rule or standalone

2017-05-24 Thread Pablo Neira Ayuso
On Thu, May 18, 2017 at 01:21:49PM -0400, Richard Guy Briggs wrote:
> There were syscall events unsolicited by any audit rule caused by a missing
> !audit_dummy_context() check before creating an
> iptables/ip6tables/arptables/ebtables NETFILTER_CFG record. Check
> !audit_dummy_context() before cr

Re: [PATCH 3/6 RFC] netfilter: audit only on xtables and ebtables syscall rule or standalone

2017-05-24 Thread Richard Guy Briggs
On 2017-05-24 19:36, Pablo Neira Ayuso wrote:
> On Thu, May 18, 2017 at 01:21:49PM -0400, Richard Guy Briggs wrote:
> > There were syscall events unsolicited by any audit rule caused by a missing
> > !audit_dummy_context() check before creating an
> > iptables/ip6tables/arptables/ebtables NETFILTER

[PATCH 3/6 RFC] netfilter: audit only on xtables and ebtables syscall rule or standalone

2017-05-18 Thread Richard Guy Briggs
There were syscall events unsolicited by any audit rule caused by a missing !audit_dummy_context() check before creating an iptables/ip6tables/arptables/ebtables NETFILTER_CFG record. Check !audit_dummy_context() before creating the NETFILTER_CFG record. The vast majority of observed unaccompanie