> Read: > > http://www.shorewall.net/Actions.html#Default > http://www.shorewall.net/Audit.html > That was quick! A few comments/corrections though: Thomas Graf did not release the audit daemon (auditd) - the daemon was already present and is an essential part of the Linux (safe) reporting infrastructure (it reports all security-related events, not just from netfilter - that is the beauty of it all).
The following paragraph, explaining what AUDIT is for, and its possible uses, was by Eric Paris (also from RedHat), which you may remember from our little debate about the secctx field being introduced in /proc/net a while ago. In point f) (http://www.shorewall.net/Audit.html) you explain how action.Drop could be utilised to use audit - is this the physical file "action.Drop" I need to amend/look at or is there something else? > I remember you complaining about the current algorithm. > The current algorithm is flawed as if I have a device "0ff" shorewall would increase that number by 1 if I have a device defined in tcdevices after that statement - that gets over the limit of "ff" and then shorewall complains and I get an error. It is better to use random unused number, or, start from 1 and check for presence and use it if unused - that's how I see it anyway! ------------------------------------------------------------------------------ What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
