lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210319125742.GM3141668@madcap2.tricolour.ca>
Date:   Fri, 19 Mar 2021 08:57:42 -0400
From:   Richard Guy Briggs <rgb@...hat.com>
To:     Phil Sutter <phil@....cc>,
        Linux-Audit Mailing List <linux-audit@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        netfilter-devel@...r.kernel.org, Paul Moore <paul@...l-moore.com>,
        Eric Paris <eparis@...isplace.org>,
        Steve Grubb <sgrubb@...hat.com>,
        Florian Westphal <fw@...len.de>, twoerner@...hat.com,
        tgraf@...radead.org, dan.carpenter@...cle.com,
        Jones Desougi <jones.desougi+netfilter@...il.com>
Subject: Re: [PATCH] audit: log nftables configuration change events once per
 table

On 2021-03-19 13:52, Phil Sutter wrote:
> On Thu, Mar 18, 2021 at 02:37:03PM -0400, Richard Guy Briggs wrote:
> > On 2021-03-18 17:30, Phil Sutter wrote:
> [...]
> > > Why did you leave the object-related logs in place? They should reappear
> > > at commit time just like chains and sets for instance, no?
> > 
> > There are other paths that can trigger these messages that don't go
> > through nf_tables_commit() that affect the configuration data.  The
> > counters are considered config data for auditing purposes and the act of
> > resetting them is audittable.  And the only time we want to emit a
> > record is when they are being reset.
> 
> Oh, I see. I wasn't aware 'nft reset' bypasses the transaction logic,
> thanks for clarifying!

That's my current understanding.  If someone else has a better
understanding I'd be grateful if they could correct me.

> Cheers, Phil

- RGB

--
Richard Guy Briggs <rgb@...hat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ