Message-ID: <CAHC9VhTtCkMRo2ozuZyw_X-eyOQ2fZ89p=f9JwXRSRrHwrNo_Q@mail.gmail.com>
Date:   Tue, 23 Aug 2022 15:27:35 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Gaosheng Cui <ecronic@...look.com>
Cc:     eparis@...hat.com, linux-audit@...hat.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH next] audit: printk before dropping logs in audit_log_end

On Mon, Aug 22, 2022 at 10:33 PM Gaosheng Cui <ecronic@...look.com> wrote:
>
> Thanks for your reply.
>
> This is a personal idea of mine, in the process of using audit, I find that if the audit rules are configured too much, or the server hard-disk performance is too poor, hitting a rate limit will be easy to occur, then some logs would be dropped directly.
> I think we should print the record to the console, just likely the last thing we want to do, better play the role of audit, and improve kernel security.
>
> I hope that will be helpful, thanks.

Yes, thank you for the additional information on your environment and
use case.  As I'm sure you already know, the audit rate limit, backlog
queue depth, and other related tunables can all be configured at boot
or runtime to help ensure that the system remains responsive in the
face of higher audit loads.

-- 
paul-moore.com
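
Added example, not part of the original message or the patch under discussion: a check that reads the "key value" lines printed by `auditctl -s` and flags the conditions this thread is about (records already lost, a rate limit in force, a full backlog queue, silent failure mode). The sample status text and its values are constructed for illustration.

```shell
#!/bin/sh
# Flag audit settings and counters that indicate audit records are being,
# or are likely to be, dropped. Input: `auditctl -s` output on stdin.

# Constructed sample status, not captured from a real host.
SAMPLE_STATUS='enabled 1
failure 1
pid 812
rate_limit 100
backlog_limit 64
lost 4821
backlog 64
backlog_wait_time 60000'

# Prints one finding per line; prints nothing when no condition matches.
audit_status_check() {
    awk '
        { v[$1] = $2 }                      # remember each "key value" pair
        END {
            # Non-zero lost counter: the kernel has already discarded records.
            if (v["lost"] + 0 > 0)
                print "LOST: lost=" v["lost"]
            # rate_limit 0 means unlimited; any other value caps msgs/sec.
            if (v["rate_limit"] + 0 > 0)
                print "RATE: rate_limit=" v["rate_limit"] " msgs/sec in force"
            # backlog_limit 0 means unlimited; otherwise compare queue depth.
            if (v["backlog_limit"] + 0 > 0 && v["backlog"] + 0 >= v["backlog_limit"] + 0)
                print "BACKLOG: queue full " v["backlog"] "/" v["backlog_limit"]
            # failure 0 = silent, 1 = printk, 2 = panic.
            if (v["failure"] + 0 == 0)
                print "FAILURE: failure=0, audit failures are not reported"
        }'
}

# On a live host (as root): auditctl -s | audit_status_check
printf '%s\n' "$SAMPLE_STATUS" | audit_status_check
```

The runtime tunables behind these fields are set with `auditctl -r` (rate limit), `auditctl -b` (backlog limit) and `auditctl -f` (failure mode); the backlog limit can also be set at boot with the `audit_backlog_limit=` kernel parameter.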
