The lightweight auditing framework
Posted Apr 8, 2004 22:44 UTC (Thu) by Klavs
Parent article: The lightweight auditing framework
What's the difference between this and the feature systrace supports for doing exactly this (when recording a profile)? I'm guessing there's a good reason he reinvented the wheel, instead of just using the systrace code for this (he could leave out the allow/disallow parts if he didn't want them)?
Anyways, just curious - systrace seems like a good idea, and just wondering why he didn't just use its code for the audit part.
There could be a ton of valid reasons of course - just wanted to "throw in" the question that comes to mind... hoping the vanilla 2.6 kernel will shape up to be a bit more capable security-wise than vanilla 2.4 is :) (thinking of projects such as LIDS, SELinux (already in via the new cool security-modules feature), systrace, vserver etc.). Unfortunately a project like vserver can't be implemented as a security module only AFAIK, and perhaps the same goes for systrace?
Why not just patch the stuff in yourself, you might think? Well, the problem I found with this was that some patches I used were very much incompatible - and my limited knowledge of kernel code could not figure out how to merge them together - i.e. I had to choose what features I wanted to use, out of the ones I would have liked to have :(
I must say the 2.6 is already shaping up very well, as IPv6 and IPSEC are looking good - and as it is now in the kernel (the USAGE version) it won't give me any problems anymore :)
Enough rambling... it's late and I'm just thinking aloud - ignore me if you will :)