
List:       selinux
Subject:    Re: [selinux] Re: identity
From:       Rik Faith <faith () redhat ! com>
Date:       2004-02-25 19:51:17
Message-ID: 16444.64693.876556.280002 () neuro ! alephnull ! com

On Tue 24 Feb 2004 16:45:30 -0600,
   Joshua Brindle <jbrindle@snu.edu> wrote:
> On this note, are any of the selinux distro guys looking at integrating 
> any specific auditing framework with selinux?

I've been working on this and I'll post a patch under a new topic later
today (what I've implemented does not currently contain an identity
feature, but it could be added without much work).

> We've looked at SAL a while back but it was very unsuitable at the
> time, and have plans to look at snare, are there others?

I have looked at several system-call auditing frameworks but, in
general, they:
    1) did not integrate with SELinux (which often meant they did a
       tremendous amount of work that is subsumed by LSM), and
    2) had broader goals (i.e., performance monitoring/tuning or
       debugging, for which they were willing to take a performance hit
       that is not reasonable to take for always-on security auditing).

> If someone is already working on this let me know as I'd like to help.

Great!

