[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Re: [selinux] Re: identity
From: Rik Faith <faith () redhat ! com>
Date: 2004-02-25 19:51:17
Message-ID: 16444.64693.876556.280002 () neuro ! alephnull ! com
[Download RAW message or body]
On Tue 24 Feb 2004 16:45:30 -0600,
Joshua Brindle <jbrindle@snu.edu> wrote:
> On this note, are any of the selinux distro guys looking at integrating
> any specific auditing framework with selinux?
I've been working on this and I'll post a patch under a new topic later
today (what I've implemented does not currently contain an identity
feature, but it could be added without much work).
> We've looked at SAL a while back but it was very unsuitable at the
> time, and have plans to look at snare, are there others?
I have looked at several system-call auditing frameworks but, in
general, they:
1) did not integrate with SELinux (which often meant they did a
tremendous amount of work that is subsumed by LSM), and
2) they had broader goals (i.e., performance monitoring/tuning or
debugging, for which they were willing to take a performance hit
that is not reasonable to take for always-on security auditing).
> If someone is alreay working on this let me know as I'd like to help.
Great!
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic