| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 02 Aug 2014 19:38:05 -0700 From: Peter Moody <pmoody@...gle.com> To: Alex Elsayed <eternaleye@...il.com> Cc: linux-security-module@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH v2 0/2] RFC, aiding pid/network correlation On Sat, Aug 02 2014 at 19:28, Alex Elsayed wrote: > Oh, I see now. Okay, that's actually considerably simpler - I just had > somehow gotten it fixated into my mind that the info would be used to decide > on allow/deny actions. > > The trick to do what you want is the 'audit' support in both - > here I'll use CaitSith as an example since the syntax is nicer. Do these audit logs end up with the audit subsystem? My experience with the audit subsystem is that performance takes a big hit when you start sending thousands (or even hundreds) of audit messages per second. > In the header of a CaitSith policy, you specify resource limits for audit > logs in the format I will definitely check out caitsith though. I think I saw Tetsuo talk about it at LSS in San Diego a few years ago. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists