| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Mar 2021 08:57:42 -0400
From: Richard Guy Briggs <rgb@...hat.com>
To: Phil Sutter <phil@....cc>,
Linux-Audit Mailing List <linux-audit@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
netfilter-devel@...r.kernel.org, Paul Moore <paul@...l-moore.com>,
Eric Paris <eparis@...isplace.org>,
Steve Grubb <sgrubb@...hat.com>,
Florian Westphal <fw@...len.de>, twoerner@...hat.com,
tgraf@...radead.org, dan.carpenter@...cle.com,
Jones Desougi <jones.desougi+netfilter@...il.com>
Subject: Re: [PATCH] audit: log nftables configuration change events once per
table
On 2021-03-19 13:52, Phil Sutter wrote:
> On Thu, Mar 18, 2021 at 02:37:03PM -0400, Richard Guy Briggs wrote:
> > On 2021-03-18 17:30, Phil Sutter wrote:
> [...]
> > > Why did you leave the object-related logs in place? They should reappear
> > > at commit time just like chains and sets for instance, no?
> >
> > There are other paths that can trigger these messages that don't go
> > through nf_tables_commit() that affect the configuration data. The
> > counters are considered config data for auditing purposes and the act of
> > resetting them is audittable. And the only time we want to emit a
> > record is when they are being reset.
>
> Oh, I see. I wasn't aware 'nft reset' bypasses the transaction logic,
> thanks for clarifying!
That's my current understanding. If someone else has a better
understanding I'd be grateful if they could correct me.
> Cheers, Phil
- RGB
--
Richard Guy Briggs <rgb@...hat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
Powered by blists - more mailing lists