lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200711071015.33765.sgrubb@redhat.com>
Date:	Wed, 7 Nov 2007 10:15:33 -0500
From:	Steve Grubb <sgrubb@...hat.com>
To:	Yuichi Nakamura <ynakam@...achisoft.jp>
Cc:	linux-kernel@...r.kernel.org, linuxsh-dev@...ts.sourceforge.net,
	lethal@...ux-sh.org, Al Viro <aviro@...hat.com>
Subject: Re: [patch] audit support for SH

On Wednesday 07 November 2007 12:04:46 am Yuichi Nakamura wrote:
> I found syscall audit does not work on SH(SuperH).
> I made patch to support syscall audit for SH.

I think this is close, but it looks like you missed the syscall classification 
piece. You can find an example here:

arch/x86_64/kernel/audit.c

Its used for determining which syscalls we are interested in for watches. 

Also, IBM and HP both have released audit test suites. You should run the CAPP 
tests at a minimum to see if you have hooked everything that is expected. If 
you have SE Linux enabled for that platform, you may want to try the LSPP 
tests but you would need have the MLS policy installed.

IBM's announcement is here:

https://www.redhat.com/archives/redhat-lspp/2007-August/msg00002.html

and HP's here:

https://www.redhat.com/archives/linux-audit/2007-August/msg00030.html

And...user space would need an update for the syscall table and arches so that 
you can run the tests. Please send that patch to linux-audit mail list.

Thanks,
-Steve
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ