On May 22, 2011, at 9:58 AM, Mr Dash Four wrote:

>
>> Read:
>>
>> http://www.shorewall.net/Actions.html#Default
>> http://www.shorewall.net/Audit.html
>>
> That was quick! A few comments/corrections though: Thomas Graf did not
> release the audit daemon (auditd) - the daemon was already present and
> is an essential part of the Linux (safe) reporting infrastructure (it
> reports all security-related events, not just from netfilter - that is
> the beauty of it all).
>
> The following paragraph, explaining what AUDIT is for, and its possible
> uses, was by Eric Paris (also from RedHat), which you may remember from
> our little debate about the secctx field being introduced in /proc/net a
> while ago.

Thanks.

>
> In point f) (http://www.shorewall.net/Audit.html) you explain how
> action.Drop could be utilised to use audit - is this the physical file
> "action.Drop" I need to amend/look at or is there something else?
>

I would

- Copy the file somewhere else on your CONFIG_PATH (http://www.shorewall.net/configuration_file_basics.htm#CONFIG_PATH)
- Rename the copy to avoid confusion
- Modify the copy as needed. You might also need to copy macros like macro.SMB that are invoked by the action if you want audited copies of those as well
- Modify shorewall.conf (DROP_DEFAULT) to name the copy

You may also want to do that for action.Reject if you want auditing of any REJECT policy enforcement.

>> I remember you complaining about the current algorithm.
>>
> The current algorithm is flawed as if I have a device "0ff" shorewall
> would increase that number by 1 if I have a device defined in tcdevices
> after that statement - that gets over the limit of "ff" and then
> shorewall complains and I get an error. It is better to use random
> unused number, or, start from 1 and check for presence and use it if
> unused - that's how I see it anyway!

Patch attached.

DEVNUM.patch
Description: Binary data

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
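
Added example (not part of the original message and not Shorewall's code): a Python model of the device-numbering behaviour described in the quoted text, next to the "start from 1 and use the first unused number" allocation it proposes. The NUMBER:IFACE entry format, the hexadecimal numbers, the function names and the sample entries are assumptions made for this illustration.

```python
MAX_DEVNUM = 0xFF  # the "ff" limit mentioned in the thread

# Constructed sample: two explicitly numbered devices, then an unnumbered one.
SAMPLE_ENTRIES = ["1:eth0", "0ff:eth1", "eth2"]


def parse_entries(entries):
    """Split 'NUMBER:IFACE' or 'IFACE' into (number or None, iface); numbers are hex."""
    parsed = []
    for entry in entries:
        number, sep, iface = entry.partition(":")
        parsed.append((int(number, 16), iface) if sep else (None, entry))
    return parsed


def assign_sequential(entries):
    """Numbering as the quoted text describes it: unnumbered device = previous + 1."""
    result, last = {}, 0
    for number, iface in parse_entries(entries):
        if number is None:
            number = last + 1
        if number > MAX_DEVNUM:
            raise ValueError(f"{iface}: device number {number:#x} exceeds {MAX_DEVNUM:#x}")
        result[iface] = last = number
    return result


def assign_lowest_unused(entries):
    """Proposed alternative: reserve explicit numbers, then fill gaps starting at 1."""
    parsed = parse_entries(entries)
    used = set()
    for number, iface in parsed:
        if number is None:
            continue
        if not 1 <= number <= MAX_DEVNUM or number in used:
            raise ValueError(f"{iface}: device number {number:#x} is invalid or duplicated")
        used.add(number)
    result, candidate = {}, 1
    for number, iface in parsed:
        if number is None:
            while candidate in used:
                candidate += 1
            if candidate > MAX_DEVNUM:
                raise ValueError(f"{iface}: no free device number left")
            number = candidate
            used.add(number)
        result[iface] = number
    return result
```

With the constructed sample, the sequential model fails on eth2 because it follows device 0ff, while the lowest-unused model gives eth2 the number 2.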
