| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Nov 2007 10:15:33 -0500 From: Steve Grubb <sgrubb@...hat.com> To: Yuichi Nakamura <ynakam@...achisoft.jp> Cc: linux-kernel@...r.kernel.org, linuxsh-dev@...ts.sourceforge.net, lethal@...ux-sh.org, Al Viro <aviro@...hat.com> Subject: Re: [patch] audit support for SH On Wednesday 07 November 2007 12:04:46 am Yuichi Nakamura wrote: > I found syscall audit does not work on SH(SuperH). > I made patch to support syscall audit for SH. I think this is close, but it looks like you missed the syscall classification piece. You can find an example here: arch/x86_64/kernel/audit.c Its used for determining which syscalls we are interested in for watches. Also, IBM and HP both have released audit test suites. You should run the CAPP tests at a minimum to see if you have hooked everything that is expected. If you have SE Linux enabled for that platform, you may want to try the LSPP tests but you would need have the MLS policy installed. IBM's announcement is here: https://www.redhat.com/archives/redhat-lspp/2007-August/msg00002.html and HP's here: https://www.redhat.com/archives/linux-audit/2007-August/msg00030.html And...user space would need an update for the syscall table and arches so that you can run the tests. Please send that patch to linux-audit mail list. Thanks, -Steve - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists