| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Jun 2020 14:09:09 -0700
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Paul Moore <paul@...l-moore.com>
Cc: Mimi Zohar <zohar@...ux.ibm.com>, linux-integrity@...r.kernel.org,
tusharsu@...ux.microsoft.com, linux-kernel@...r.kernel.org,
linux-audit@...hat.com
Subject: Re: [PATCH] IMA: Add log statements for failure conditions
On 6/5/20 1:49 PM, Paul Moore wrote:
>
>> Since a pr_xyz() call was already present, I just wanted to change the
>> log level to keep the code change to the minimum. But if audit log is
>> the right approach for this case, I'll update.
>
> Generally we reserve audit for things that are required for various
> security certifications and/or "security relevant". From what you
> mentioned above, it seems like this would fall into the second
> category if not the first.
>
> Looking at your patch it doesn't look like you are trying to record
> anything special so you may be able to use the existing
> integrity_audit_msg(...) helper. Of course then the question comes
> down to the audit record type (the audit_msgno argument), the
> operation (op), and the comm/cause (cause).
>
> Do you feel that any of the existing audit record types are a good fit for this?
>
Maybe I can use the audit_msgno "AUDIT_INTEGRITY_PCR" with appropriate
strings for "op" and "cause".
Mimi - please let me know if you think this audit_msgno would be ok to
use. I see this code used, for instance, for boot aggregate measurement.
integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
audit_cause, result, 0);
thanks,
-lakshmi
Powered by blists - more mailing lists