What's the status of the project?
Andrew R. Reiter
arr at watson.org
Wed Jun 13 14:58:11 GMT 2001
On Wed, 13 Jun 2001, Ilmar S. Habibulin wrote:
> On Tue, 12 Jun 2001, Robert Watson wrote:
>
> > take this task on, I'd certainly welcome that. Andrew Reiter was looking
> > at design considerations, but I think he has been stalled due to
> > circumstances beyond his control :-).
ya... :-/
> I have only some experience in MAC implementation. ;-) I'll read audit
> chapter of the draft, but i don't think that i can take this task. Maybe
> we can exchange opinions - i have nonposix implementation with audit flags
> on files and kernel messages on file access, logged via syslog.
> As i remember, your posix audit implementation logged quite everything.
> There was too much information, and logs grew rapidly.
I basically just started creating a file that had listed a number of known
audit implementations with descriptions of the implementation if I could
get it. It also had a number of questions that I felt were important to
answer before coming out with any sort of design plan. Anyway, the file
has not been updated in a long time. I was told I would receive some
feedback from some of the argus guys... but nothing :-(
The url for the file is: http://www.watson.org/~arr/audit-essentials
Im still interested in helping out on this... whether it be some coding or
design ideas.
Andrew
*-------------.................................................
| Andrew R. Reiter
| arr at fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list