On Mon, Dec 7, 2020 at 8:34 PM Richard Guy Briggs wrote:
> On 2020-12-07 18:28, Steve Grubb wrote:
...
> > Other metrics would be good. I'd like to see a max_backlog to know if we are
> > wasting memory. It would just record the highwater mark since auditing was
> > enabled.
>
> That would be co
On Tuesday, December 8, 2020 8:20:03 AM EST Richard Guy Briggs wrote:
> > > By configure macro are you talking about the presence of that audit
> > > status mask bit, or the presence of that struct audit_status member?
> >
> > Yes. But it doesn't apply to old kernels.
>
> An "or" question usually
On 2020-12-07 22:34, Steve Grubb wrote:
> On Monday, December 7, 2020 8:34:35 PM EST Richard Guy Briggs wrote:
> > On 2020-12-07 18:28, Steve Grubb wrote:
> > > Hello Max,
> > >
> > > On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote:
> > > > Steve, I'm happy to make changes to the us
On Monday, December 7, 2020 8:34:35 PM EST Richard Guy Briggs wrote:
> On 2020-12-07 18:28, Steve Grubb wrote:
> > Hello Max,
> >
> > On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote:
> > > Steve, I'm happy to make changes to the userspace PR based on
> > > Richard's suggestions, if
On 2020-12-07 18:28, Steve Grubb wrote:
> Hello Max,
>
> On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote:
> > Steve, I'm happy to make changes to the userspace PR based on
> > Richard's suggestions, if that sounds good to you. I'll follow up in
> > the PR to discuss it more
>
> The
Hello Max,
On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote:
> Steve, I'm happy to make changes to the userspace PR based on
> Richard's suggestions, if that sounds good to you. I'll follow up in
> the PR to discuss it more
The only issue is new userspace on old kernel. I think if w
On Wed, Dec 2, 2020 at 11:33 PM Joe Wulf wrote:
> I would like to suggest providing a mechanism where admins can query the
> status or state of backlog issues (wait time, sums, etc...). Maybe the
> intent is to expand the output of status checking of auditd.
>
> I believe further clarity is bene
On Mon, Dec 7, 2020 at 4:21 PM Richard Guy Briggs wrote:
> On 2020-12-07 16:13, Max Englander wrote:
> > On Fri, Dec 4, 2020 at 3:41 PM Paul Moore wrote:
> >
> > > On Thu, Dec 3, 2020 at 9:47 PM Steve Grubb wrote:
> > > > On Thursday, December 3, 2020 9:16:52 PM EST Paul Moore wrote:
> > > > >
On 2020-12-07 16:13, Max Englander wrote:
> On Fri, Dec 4, 2020 at 3:41 PM Paul Moore wrote:
>
> > On Thu, Dec 3, 2020 at 9:47 PM Steve Grubb wrote:
> > > On Thursday, December 3, 2020 9:16:52 PM EST Paul Moore wrote:
> > > > > > > Author: Richard Guy Briggs
> > > > > > > AuthorDate: 2014-1
On Mon, Dec 7, 2020 at 4:13 PM Max Englander wrote:
> It sounds like there's a decision to be made around whether or not to use
> the bitmap feature flags which I am probably not in a position to
> help decide. However, I'm more than happy to fix my userspace PR so
> that it does not rely
On Mon, Dec 7, 2020 at 2:43 PM Lenny Bruzenak wrote:
> Paul,
>
> This change does seem to the untrained eye to be in line with the existing
> FEATURE_BITMAP definitions. I appreciate your intent on not exhausting the
> available space, but at some point if that happens is there any reasonable
>
On Fri, Dec 4, 2020 at 3:41 PM Paul Moore wrote:
> On Thu, Dec 3, 2020 at 9:47 PM Steve Grubb wrote:
> > On Thursday, December 3, 2020 9:16:52 PM EST Paul Moore wrote:
> > > > > > Author: Richard Guy Briggs
> > > > > > AuthorDate: 2014-11-17 15:51:01 -0500
> > > > > > Commit: Paul Moore
On 7/2/20 2:42 PM, Paul Moore wrote:
#define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x0001
#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x0002
@@ -348,6 +349,7 @@ enum {
#define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x0010
#define AUDIT_FEATURE_BITMAP_LOST_RESET
On Thu, Dec 3, 2020 at 9:47 PM Steve Grubb wrote:
> On Thursday, December 3, 2020 9:16:52 PM EST Paul Moore wrote:
> > > > > Author: Richard Guy Briggs
> > > > > AuthorDate: 2014-11-17 15:51:01 -0500
> > > > > Commit: Paul Moore
> > > > > CommitDate: 2014-11-17 16:53:51 -0500
> > > > > (
On Thursday, December 3, 2020 9:16:52 PM EST Paul Moore wrote:
> > > > Author: Richard Guy Briggs
> > > > AuthorDate: 2014-11-17 15:51:01 -0500
> > > > Commit: Paul Moore
> > > > CommitDate: 2014-11-17 16:53:51 -0500
> > > > ("audit: convert status version to a feature bitmap")
> > > > It
On Thu, Dec 3, 2020 at 6:55 PM Steve Grubb wrote:
> On Thursday, December 3, 2020 6:43:11 PM EST Paul Moore wrote:
> > > So far there are only seven bits used out of 32, so it does not appear we
> > > are in danger of running out anytime soon.
>
> Exactly. Even capability bits are easier to get as
On Thursday, December 3, 2020 6:43:11 PM EST Paul Moore wrote:
> > So far there are only seven bits used out of 32, so it does not appear we
> > are in danger of running out anytime soon.
Exactly. Even capability bits are easier to get assigned. :-)
> > It was introduced with commit 0288d7183c41
On Thu, Dec 3, 2020 at 6:10 PM Richard Guy Briggs wrote:
> On 2020-12-03 10:37, Paul Moore wrote:
> > On Thu, Dec 3, 2020 at 7:37 AM Richard Guy Briggs wrote:
> > > On 2020-12-02 23:12, Paul Moore wrote:
> > > > On Wed, Dec 2, 2020 at 10:52 PM Steve Grubb wrote:
> > > > > We need this FEATURE_BI
On 2020-12-03 10:37, Paul Moore wrote:
> On Thu, Dec 3, 2020 at 7:37 AM Richard Guy Briggs wrote:
> > On 2020-12-02 23:12, Paul Moore wrote:
> > > On Wed, Dec 2, 2020 at 10:52 PM Steve Grubb wrote:
> > > > We need this FEATURE_BITMAP to do anything in userspace. Max's instinct
> > > > was
> > >
On Thu, Dec 3, 2020 at 7:37 AM Richard Guy Briggs wrote:
> On 2020-12-02 23:12, Paul Moore wrote:
> > On Wed, Dec 2, 2020 at 10:52 PM Steve Grubb wrote:
> > > We need this FEATURE_BITMAP to do anything in userspace. Max's instinct
> > > was
> > > right. Anything that changes the user space API n
On Wednesday, December 2, 2020 11:12:31 PM EST Paul Moore wrote:
> On Wed, Dec 2, 2020 at 10:52 PM Steve Grubb wrote:
> > Hello Paul,
>
> Steve.
>
> > On Thursday, July 2, 2020 4:42:13 PM EST Paul Moore wrote:
> > > > #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x0001
> > > > #define AUDI
On 2020-12-02 23:12, Paul Moore wrote:
> On Wed, Dec 2, 2020 at 10:52 PM Steve Grubb wrote:
> > Hello Paul,
>
> Steve.
>
> > On Thursday, July 2, 2020 4:42:13 PM EST Paul Moore wrote:
> > > > #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x0001
> > > > #define AUDIT_FEATURE_BITMAP_BACKLOG_W
I would like to suggest providing a mechanism where admins can query the status
or state of backlog issues (wait time, sums, etc...). Maybe the intent is to
expand the output of status checking of auditd.
I believe further clarity is beneficial on the setting of the
'backlog_wait_sum' (or to w
On Wed, Dec 2, 2020 at 10:52 PM Steve Grubb wrote:
>
> Hello Paul,
Steve.
> On Thursday, July 2, 2020 4:42:13 PM EST Paul Moore wrote:
> > > #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x0001
> > > #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x0002
> > > @@ -348,6 +349,7 @@ enum {
Hello Paul,
On Thursday, July 2, 2020 4:42:13 PM EST Paul Moore wrote:
> > #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x0001
> > #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x0002
> > @@ -348,6 +349,7 @@ enum {
> > #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x0010
> > #defin
On Fri, Jul 03, 2020 at 05:29:49PM -0400, Richard Guy Briggs wrote:
> On 2020-07-02 16:42, Paul Moore wrote:
> > On Wed, Jul 1, 2020 at 5:32 PM Max Englander
> > wrote:
> > >
> > > In environments where the preservation of audit events and predictable
> > > usage of system memory are prioritized,
On Thu, Jul 02, 2020 at 04:42:13PM -0400, Paul Moore wrote:
> On Wed, Jul 1, 2020 at 5:32 PM Max Englander wrote:
> >
> > In environments where the preservation of audit events and predictable
> > usage of system memory are prioritized, admins may use a combination of
> > --backlog_wait_time and -
On 2020-07-02 16:42, Paul Moore wrote:
> On Wed, Jul 1, 2020 at 5:32 PM Max Englander wrote:
> >
> > In environments where the preservation of audit events and predictable
> > usage of system memory are prioritized, admins may use a combination of
> > --backlog_wait_time and -b options at the risk
On Wed, Jul 1, 2020 at 5:32 PM Max Englander wrote:
>
> In environments where the preservation of audit events and predictable
> usage of system memory are prioritized, admins may use a combination of
> --backlog_wait_time and -b options at the risk of degraded performance
> resulting from backlog
In environments where the preservation of audit events and predictable
usage of system memory are prioritized, admins may use a combination of
--backlog_wait_time and -b options at the risk of degraded performance
resulting from backlog waiting. In some cases, this risk may be
preferred to lost eve
30 matches