lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210319125243.GU5298@orbyte.nwl.cc>
Date:   Fri, 19 Mar 2021 13:52:43 +0100
From:   Phil Sutter <phil@....cc>
To:     Richard Guy Briggs <rgb@...hat.com>
Cc:     Linux-Audit Mailing List <linux-audit@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        netfilter-devel@...r.kernel.org, Paul Moore <paul@...l-moore.com>,
        Eric Paris <eparis@...isplace.org>,
        Steve Grubb <sgrubb@...hat.com>,
        Florian Westphal <fw@...len.de>, twoerner@...hat.com,
        tgraf@...radead.org, dan.carpenter@...cle.com,
        Jones Desougi <jones.desougi+netfilter@...il.com>
Subject: Re: [PATCH] audit: log nftables configuration change events once per
 table

On Thu, Mar 18, 2021 at 02:37:03PM -0400, Richard Guy Briggs wrote:
> On 2021-03-18 17:30, Phil Sutter wrote:
[...]
> > Why did you leave the object-related logs in place? They should reappear
> > at commit time just like chains and sets for instance, no?
> 
> There are other paths that can trigger these messages that don't go
> through nf_tables_commit() that affect the configuration data.  The
> counters are considered config data for auditing purposes and the act of
> resetting them is audittable.  And the only time we want to emit a
> record is when they are being reset.

Oh, I see. I wasn't aware 'nft reset' bypasses the transaction logic,
thanks for clarifying!

Cheers, Phil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ