Date: Sat, 15 Jun 2013 18:17:27 +0200
From: xypron.glpk@....de
To: eparis@...hat.com
Cc: linux-kernel@...r.kernel.org, Heinrich Schuchardt <xypron.glpk@....de>
Subject: [PATCH 1/1] Enable fanotify API by default.

From: Heinrich Schuchardt <xypron.glpk@....de>

The fanotify interface is the basis for on access malware detection in the Linux kernel. The development of a prior solution (DazukoFS) has been stopped therefore.

Both free (ClamAV) as well as commercial virus scanners (Sophos Anti-Virus, AVG) using this interface exist.

Since kernel version 3.8.0 the implementation of the fanotify interface is error-free enough to be used on a productive system.

Personally I have been using it for virus scanning on multiple systems for several months without issues while developing a wrapper around ClamAV, see https://github.com/xypron/skyldav

A large scale usage of the fanotify interface can only be expected if the API is enabled by default. Hence I recommend to change the Kconfig file accordingly.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@....de>

--- fs/notify/fanotify/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/notify/fanotify/Kconfig b/fs/notify/fanotify/Kconfig index e5f911b..929ad74 100644 --- a/fs/notify/fanotify/Kconfig +++ b/fs/notify/fanotify/Kconfig @@ -2,7 +2,7 @@ config FANOTIFY bool "Filesystem wide access notification" select FSNOTIFY select ANON_INODES - default n + default y ---help--- Say Y here to enable fanotify support. fanotify is a file access notification system which differs from inotify in that it sends @@ -15,7 +15,7 @@ config FANOTIFY_ACCESS_PERMISSIONS bool "fanotify permissions checking" depends on FANOTIFY depends on SECURITY - default n + default y ---help--- Say Y here is you want fanotify listeners to be able to make permissions decisions concerning filesystem events. This is used by some fanotify 
@@ -23,4 +23,4 @@ config FANOTIFY_ACCESS_PERMISSIONS use those files. This is used by some anti-malware vendors and by some hierarchical storage managent systems. - If unsure, say N. + If unsure, say Y. -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
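Review bot: in the first hunk (config FANOTIFY, "default n" to "default y"), the only justification given is expected adoption by scanners, while the help text kept as context still reads just "Say Y here to enable fanotify support." If the default is to change, the help text should tell a user who runs no fanotify listener why Y is the right answer for them; otherwise leave the default alone and let distributions that ship a scanner set it.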
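Review bot: in the second hunk, "default y" on FANOTIFY_ACCESS_PERMISSIONS is a separate decision from enabling FANOTIFY, and the commit message makes no case for it on its own. The context lines say this option lets listeners "make permissions decisions concerning filesystem events", which means a userspace process can gate file access, a larger change in behaviour than delivering notifications. Suggest splitting this into its own patch with its own rationale, or keeping "default n" here. The entry also carries "depends on SECURITY", so the new default only applies where SECURITY is set; the commit message should say so. The context line "Say Y here is you want" has a typo ("is" for "if") that could be fixed while the entry is being touched.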
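Review bot: in the third hunk, "If unsure, say Y." now contradicts the tone of the help text right above it, which describes the feature as "used by some anti-malware vendors and by some hierarchical storage managent systems", i.e. a specialised use. An unsure user is most likely one with no such listener installed, so either keep "say N" or add a sentence explaining why enabling permission checks is harmless when nothing is listening. "managent" in the context line is a typo for "management" and could be corrected in the same patch.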