* system auditing or event logging facilities
@ 2004-12-29 1:55 Nick Gray
2004-12-29 3:02 ` Robert Potter
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Nick Gray @ 2004-12-29 1:55 UTC (permalink / raw)
To: SELinux ML
I am looking into C2/Capp auditing/event logging. Has there been any
work on this in regards to SELinux ?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread* RE: system auditing or event logging facilities
2004-12-29 1:55 system auditing or event logging facilities Nick Gray
@ 2004-12-29 3:02 ` Robert Potter
2004-12-29 13:31 ` Steve G
2004-12-30 6:06 ` SE-Linux File server Jayendren Anand Maduray
2 siblings, 0 replies; 6+ messages in thread
From: Robert Potter @ 2004-12-29 3:02 UTC (permalink / raw)
To: 'SELinux ML'; +Cc: 'Nick Gray'
For auditing and potential certification (like C2), visit InterSect Alliance
for their SNARE product, or look into Secure Auditing for Linux (SAL).
SAL is a DARPA project on SourceForge to develop a kernel level auditing
package for Red Hat Linux that is compliant with the Common Criteria
specifications (C2 level equivalency). It uses encryption to protect logged
data. While it is not ready to meet a C2 cert, you can see details of
progress and a comparison between common criteria and the current software
version at: http://secureaudit.sourceforge.net
You might also ask Trent Jaeger at IBM research for the latest info, as he
reads this list.
Regards,
Rob Potter
-----Original Message-----
From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov] On
Behalf Of Nick Gray
Sent: Tuesday, December 28, 2004 5:56 PM
To: SELinux ML
Subject: system auditing or event logging facilities
I am looking into C2/Capp auditing/event logging. Has there been any
work on this in regards to SELinux ?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: system auditing or event logging facilities
2004-12-29 1:55 system auditing or event logging facilities Nick Gray
2004-12-29 3:02 ` Robert Potter
@ 2004-12-29 13:31 ` Steve G
2004-12-30 6:06 ` SE-Linux File server Jayendren Anand Maduray
2 siblings, 0 replies; 6+ messages in thread
From: Steve G @ 2004-12-29 13:31 UTC (permalink / raw)
To: selinux
Hi,
I'm writing a linux audit daemon. Its aiming to meet the requirements you
mentioned. Its currently distributed in Red Hat's rawhide repository and will
eventually be distributed in Red Hat Enterprise Linux 4.
The current release in rawhide isn't terribly useful as its still a work in
progress. The code I'll be releasing as 0.6 is a big step forward and is good
enough for people to start playing with. You can get it from here:
http://mirrors.kernel.org/fedora/core/development/ Choose your arch and get
audit-0.5.6.
There is another mail list to discuss auditing: linux-audit@redhat.com. You might
want to look at the archives or join depending on your interest level.
http://www.redhat.com/mailman/listinfo/linux-audit
-Steve Grubb
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* SE-Linux File server
2004-12-29 1:55 system auditing or event logging facilities Nick Gray
2004-12-29 3:02 ` Robert Potter
2004-12-29 13:31 ` Steve G
@ 2004-12-30 6:06 ` Jayendren Anand Maduray
2005-01-03 13:48 ` Stephen Smalley
2 siblings, 1 reply; 6+ messages in thread
From: Jayendren Anand Maduray @ 2004-12-30 6:06 UTC (permalink / raw)
To: 'Nick Gray', 'SELinux ML'
Hi!
I am planning to implement a file server using FC2 with SELinux.
It will server as a smb server.
Are they any best practices/guidelines that you guys have?
God bless
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SE-Linux File server
2004-12-30 6:06 ` SE-Linux File server Jayendren Anand Maduray
@ 2005-01-03 13:48 ` Stephen Smalley
2005-01-04 5:50 ` Jayendren Anand Maduray
0 siblings, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2005-01-03 13:48 UTC (permalink / raw)
To: jayendren; +Cc: 'Nick Gray', 'SELinux ML'
On Thu, 2004-12-30 at 01:06, Jayendren Anand Maduray wrote:
> Hi!
> I am planning to implement a file server using FC2 with SELinux.
> It will server as a smb server.
> Are they any best practices/guidelines that you guys have?
FC3 is strongly recommended over FC2 for SELinux users. See the
"Upgrade to Fedora Core 3" note in
http://fedora.redhat.com/docs/selinux-faq-fc2/. Note that you will then
likely want to switch to strict policy on FC3, not the default targeted
policy.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: SE-Linux File server
2005-01-03 13:48 ` Stephen Smalley
@ 2005-01-04 5:50 ` Jayendren Anand Maduray
0 siblings, 0 replies; 6+ messages in thread
From: Jayendren Anand Maduray @ 2005-01-04 5:50 UTC (permalink / raw)
To: 'Stephen Smalley'; +Cc: 'Nick Gray', 'SELinux ML'
Happy new year!
Thanks, I just downloaded fc3, however the upgrade process seems to be a bit
iffy, so I performed a clean install.
I will try out the strict policy, and thanks a million for your response.
God bless.
-----Original Message-----
From: Stephen Smalley [mailto:sds@epoch.ncsc.mil]
Sent: 03 January 2005 03:48 PM
To: jayendren@hivsa.com
Cc: 'Nick Gray'; 'SELinux ML'
Subject: Re: SE-Linux File server
On Thu, 2004-12-30 at 01:06, Jayendren Anand Maduray wrote:
> Hi!
> I am planning to implement a file server using FC2 with SELinux.
> It will server as a smb server.
> Are they any best practices/guidelines that you guys have?
FC3 is strongly recommended over FC2 for SELinux users. See the
"Upgrade to Fedora Core 3" note in
http://fedora.redhat.com/docs/selinux-faq-fc2/. Note that you will then
likely want to switch to strict policy on FC3, not the default targeted
policy.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-01-04 5:51 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-29 1:55 system auditing or event logging facilities Nick Gray
2004-12-29 3:02 ` Robert Potter
2004-12-29 13:31 ` Steve G
2004-12-30 6:06 ` SE-Linux File server Jayendren Anand Maduray
2005-01-03 13:48 ` Stephen Smalley
2005-01-04 5:50 ` Jayendren Anand Maduray
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.