|
Home > Archive > Debian Developers > May 2007 > auditd -- User space tools for 2.6 kernel SELinux auditing
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
auditd -- User space tools for 2.6 kernel SELinux auditing
|
|
| Philipp Matthias Hahn 2007-03-22, 1:29 pm |
| Hello!
I've put some work into creating a first version of a Debian package of
audit-1.5.1 for private use, which you can get from
http://pint.pmhahn.de/pmhahn/debian/etch/a/audit/
Perhaps you can take a look at it and provide some feedback to get it
into shape for official upload to Debian. One major chanhe compared to
the Red-Hat package is, that all binaries live under /usr/sbin and not
under /sbin.
If auditing is required to start as early as possible, than I might have
to move it from /usr to /. Any comments on this issue?
Sincerely
Philipp
--
Philipp Matthias Hahn <pmhahn@debian.org>
GPG/PGP: 9A540E39 @ keyrings.debian.org
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Manoj Srivastava 2007-03-22, 7:25 pm |
| On Thu, 22 Mar 2007 16:11:10 +0100, Philipp Matthias Hahn
<pmhahn@debian.org> said:
> Hello! I've put some work into creating a first version of a Debian
> package of audit-1.5.1 for private use, which you can get from
> http://pint.pmhahn.de/pmhahn/debian/etch/a/audit/
> Perhaps you can take a look at it and provide some feedback to get
> it into shape for official upload to Debian. One major chanhe
> compared to the Red-Hat package is, that all binaries live under
> /usr/sbin and not under /sbin. If auditing is required to start as
> early as possible, than I might have to move it from /usr to /. Any
> comments on this issue?
I would prefer you do move it back to /sbin. A number of
SELinux tools are moving to depend on audit, and some of these do
require them to be functional before the other file systems are
mounted. I can live with them being in /usr, but that does reduce
the functionality of user tools for SELinux in early boot.
Thanks for taking up audit, BTW, or else I wqould have had top
package it myself for lenny, and I don't really want any more
packages than I already have.
manoj
--
Women are just like men, only different.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Russell Coker 2007-03-23, 1:22 pm |
| On Friday 23 March 2007 05:42, Manoj Srivastava <srivasta@debian.org> wrote:
> I would prefer you do move it back to /sbin. A number of
> SELinux tools are moving to depend on audit, and some of these do
> require them to be functional before the other file systems are
> mounted. I can live with them being in /usr, but that does reduce
> the functionality of user tools for SELinux in early boot.
I think it's probably best to leave it in the upstream location in this case.
However given that /var/log will probably be a separate FS and /var/log/audit
will certainly be a separate FS for anyone who is really serious about
auditing it seems that relying on /usr isn't going to be a problem - non-root
FSs have to be mounted before auditd is started anyway.
> Thanks for taking up audit, BTW, or else I wqould have had top
> package it myself for lenny, and I don't really want any more
> packages than I already have.
AOL.
--
russell@coker.com.au
http://etbe.blogspot.com/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Philipp Matthias Hahn 2007-05-06, 7:17 am |
| Hello Thomas!
On Sat, May 05, 2007 at 11:30:55AM +0200, Thomas Girard wrote:
> I have been able to build a preliminary frysk package using these audit
> packages. I agree with Manoj and Russell, we should probably follow
> upstream location.
Yes, I already changed it.
> Could you please upload it when you think it's ready?
I'm currently building and testing 1.5.3. Should be ready on monday.
BYtE
Philipp
--
Philipp Matthias Hahn <pmhahn@debian.org>
GPG/PGP: 9A540E39 @ keyrings.debian.org
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|
|