lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080222-114832-init-kconfig-4@tull.net>
Date:	Fri, 22 Feb 2008 11:52:44 +1100
From:	Nick Andrew <nick@...k-andrew.net>
To:	trivial@...nel.org
Cc:	linux-kernel@...r.kernel.org, Pavel Emelyanov <xemul@...nvz.org>,
	Serge Hallyn <serue@...ibm.com>,
	Randy Dunlap <randy.dunlap@...cle.com>,
	Paul Menage <menage@...gle.com>, Paul Jackson <pj@....com>,
	Valdis Kletnieks <Valdis.Kletnieks@...edu>
Subject: [PATCH 2.6.25-rc2 4/9] Kconfig: Improve init/Kconfig help descriptions - AUDIT

Rewrite the help descriptions for clarity, accuracy and consistency.

Kernel config options affected:

  - AUDIT
  - AUDITSYSCALL

Signed-off-by: Nick Andrew <nick@...k-andrew.net>
---
Try #3.

--- a/init/Kconfig	2008-02-20 09:34:48.000000000 +1100
+++ b/init/Kconfig	2008-02-21 09:15:18.000000000 +1100
@@ -218,20 +218,37 @@ config AUDIT
 	bool "Auditing support"
 	depends on NET
 	help
-	  Enable auditing infrastructure that can be used with another
-	  kernel subsystem, such as SELinux (which requires this for
-	  logging of avc messages output).  Does not do system-call
-	  auditing without CONFIG_AUDITSYSCALL.
+	  Enable an auditing infrastructure that can be used with another
+	  kernel subsystem, such as Security-Enhanced Linux (SELinux),
+	  which requires this option for logging of security related
+	  messages.
+
+	  With this option, the kernel can use netlink to pass audit
+	  messages to an audit daemon process. Otherwise, audit messages
+	  are logged to syslog.
+
+	  See <http://www.nsa.gov/selinux/> for more information
+	  on Security-Enhanced Linux.
+
+	  CONFIG_AUDITSYSCALL (see below) is also required for
+	  system-call auditing.
+
+	  If unsure, say N.
 
 config AUDITSYSCALL
 	bool "Enable system-call auditing support"
 	depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64|| SUPERH)
 	default y if SECURITY_SELINUX
 	help
-	  Enable low-overhead system-call auditing infrastructure that
+	  Enable a low-overhead system-call auditing infrastructure that
 	  can be used independently or with another kernel subsystem,
-	  such as SELinux.  To use audit's filesystem watch feature, please
-	  ensure that INOTIFY is configured.
+	  such as SELinux.
+
+	  To use audit's filesystem watch feature, please ensure
+	  that CONFIG_INOTIFY is enabled. See the 'File systems'
+	  menu for Inotify file change notification support.
+
+	  If unsure, say N.
 
 config AUDIT_TREE
 	def_bool y
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ