Date: Mon, 15 Oct 2001 10:19:15 -0400 (EDT) From: "Andrew R. Reiter" <arr@watson.org> To: "Ilmar S. Habibulin" <ilmar@watson.org> Cc: Kris Kennaway <kris@obsecurity.org>, Maxim Sobolev <sobomax@FreeBSD.ORG>, kris@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Recent major changes in the NetBSD audit system Message-ID: <Pine.NEB.3.96L.1011015101433.95862A-100000@fledge.watson.org> In-Reply-To: <Pine.BSF.3.96.1011015041913.91974B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In general, the specifics of 12th of October audit system change would be covered by the trustedbsd audit system since we're doing much more fine grained auditing than that is being done here in NetBSD. Pulling specific information, such as that listed in the url below, would be the job of the pre/post selected audited records and the person who configures that. I see the importance of what they are doing, but I also feel that they are going the tripwire route -- which is flawed since it relies on trusting hte kernel for valid information. Andrew On Mon, 15 Oct 2001, Ilmar S. Habibulin wrote: : : :On Sat, 13 Oct 2001, Kris Kennaway wrote: : :> > FYI: http://www.netbsd.org/Changes/#audit-011013 :> Looks cool. Anyone want to port it over? :I think it should be review as part of TrustedBSD audit subsystem. : : : :To Unsubscribe: send mail to majordomo@FreeBSD.org :with "unsubscribe freebsd-security" in the body of the message : *-------------................................................. | Andrew R. Reiter | arr@fledge.watson.org | "It requires a very unusual mind | to undertake the analysis of the obvious" -- A.N. Whitehead To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011015101433.95862A-100000>