event auditing
richard offer
offer at sgi.com
Fri Aug 3 19:14:18 GMT 2001
* frm thenamelessone at abacho.de "08/03/01 18:42:38 +0200" | sed '1,$s/^/* /'
*
* an idea for making event auditing extensible:
* there are some defined events. you can enable or
* disable the events. this means that an action will
* happen if the event occurs or nothing will happen.
* the action can also be defined. perhaps only a message
* a user-level security manager shall be sent and the
* manager decides what to do.
*
You really want the kernel to decide whether to record or throw away the
audit record. Audit will generate a huge amount of data; passing all that
up to userland only to throw away 99% of it is sub-optimal.
Note that there are requirements for audit event selection: both pass and
fail must be independently selectable.
richard.
-----------------------------------------------------------------------
Richard Offer Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________
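A sketch of the kernel-side selection the reply above argues for, with success and failure selectable independently per event class. This is an added example, not code from the original message or from TrustedBSD; the event classes, structures and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical event classes, constructed for this example. */
enum { EV_OPEN, EV_EXEC, EV_SETUID, EV_NCLASSES };

/* One bit per event class, kept separately for each outcome. */
struct audit_mask { uint32_t on_success, on_failure; };

struct event { int ev; int error; };   /* error == 0 means the call succeeded */

/* In-kernel decision, made before a record is built or copied anywhere. */
static int audit_preselect(const struct audit_mask *m, int ev, int error)
{
    if (ev < 0 || ev >= EV_NCLASSES)
        return 0;                       /* unknown class: never selected */
    uint32_t want = error == 0 ? m->on_success : m->on_failure;
    return (want >> ev) & 1u;
}

/* Copy only selected events to out[]; returns how many were kept. */
static size_t audit_filter(const struct audit_mask *m, const struct event *in,
                           size_t n, struct event *out, size_t cap)
{
    size_t kept = 0;
    for (size_t i = 0; i < n && kept < cap; i++)
        if (audit_preselect(m, in[i].ev, in[i].error))
            out[kept++] = in[i];
    return kept;
}

int main(void)
{
    /* Policy: failed opens only, setuid either way, exec never. */
    struct audit_mask m = { 1u << EV_SETUID, (1u << EV_OPEN) | (1u << EV_SETUID) };
    /* Constructed sample stream. */
    struct event in[] = { {EV_OPEN, 0}, {EV_OPEN, 13}, {EV_EXEC, 0},
                          {EV_EXEC, 2}, {EV_SETUID, 0}, {EV_SETUID, 1} };
    struct event out[8];
    size_t kept = audit_filter(&m, in, sizeof in / sizeof in[0], out, 8);
    printf("kept %zu of %zu events\n", kept, sizeof in / sizeof in[0]);
    return 0;
}
```

Only the events that pass `audit_preselect` are ever copied, so the userland consumer sees the selected fraction instead of the full stream.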