linux port of /dev/audit

Andrew Reiter s467338 at gettysburg.edu
Mon May 22 14:25:53 GMT 2000


I believe that some people have already done this.  Obviously,
implementation will be quite different.  I know that HERT has completed
one for Linux.  Now, if I were you, I'd definitely look at the POSIX.1e spec
for specifications on the audit interface (which I am assuming you are
interested in).  By staying compatible with that, you will have a greater
chance of not only staying "compatible" with the TrustedBSD work but also
with other POSIX-ified audit subsystems.  As for the documentation on what
we'll be doing?  In the works.  The interface _will_ be based on POSIX.1e,
however, the docs to be coming out will be related to implementation
specifics.  These will obviously not really help you because of the BSD
and Linux differences.

Andrew

On Mon, 22 May 2000, Beat Christen wrote:

|
|Hi BSD people.
|
|I will be working on a /dev/audit port for the Linux kernel as part of my
|master's thesis. To reduce double work, I'll try to stay compatible with
|the TrustedBSD /dev/audit binary format.
|Is there already a document on what this will look like, besides the
|source?
|
|greets,
|Beat
|
|To Unsubscribe: send mail to majordomo at trustedbsd.org
|with "unsubscribe trustedbsd-discuss" in the body of the message
|

---------------------------------------------------------
Andrew Reiter	                 <s467338 at gettysburg.edu> 
Computer Security Engineer     
