From: Steve Grubb <sgrubb@redhat.com>
To: Tyler Hicks <tyhicks@canonical.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 0/5] Build time disabling of auditd network listener
Date: Mon, 05 Nov 2012 09:17:34 -0500
Message-ID: <1483820.RejpNgCZxJ@x2>
In-Reply-To: <1343804424-3172-1-git-send-email-tyhicks@canonical.com>
On Wednesday, August 01, 2012 12:00:19 AM Tyler Hicks wrote:
> Hello Steve - This is a patch set that allows --disable-listener to be
> passed to the configure script to disable the auditd network listener code
> at build time. The reasoning is that a large number of users do not need
> centralized audit logging and removing the network listening code from a
> root-owned auditd process is appealing from a security perspective.
>
> The existing implementation clearly does not initialize the listener when
> tcp_listen_port is undefined in auditd.conf, but I still think there is
> value in not having the listening code present in all auditd installations.
>
> The first three patches in the set are refactoring patches to move nearly
> all of the listening code into auditd-listen.c in order to minimize the
> number of ifdefs that would need to be scattered throughout C source files.
> The fourth patch is an optional cleanup patch. The last patch introduces
> the --disable-listener option.
>
> The auditd listener code is still enabled by default so that existing distro
> packaging recipes will not need to be updated.
Applied.
-Steve
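
The quoted cover letter notes that auditd does not initialize the listener when tcp_listen_port is undefined in auditd.conf. As an added example (not part of this thread or of the audit project's code), the shell function below checks a configuration file for that key. The function name, the sample files and the parsing assumptions (`key = value` lines, `#` comment lines, case-insensitive keys, last assignment reported) belong to this example.

```shell
#!/bin/sh
# Added example: report whether an auditd.conf defines tcp_listen_port.
# Assumptions: "key = value" lines, '#' starts a comment line, keys are
# matched case-insensitively, and the last assignment is the one reported.

# Prints the port and returns 0 if tcp_listen_port is defined,
# returns 1 if it is undefined, 2 if the file cannot be read.
auditd_listener_port() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    port=$(awk -F= '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key == "tcp_listen_port") {
                val = $2; gsub(/[ \t]/, "", val)
                found = val                      # later lines override earlier ones
            }
        }
        END { print found }' "$conf")
    [ -n "$port" ] || return 1
    printf '%s\n' "$port"
}

# Constructed sample configurations (not taken from any real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/local-only.conf" <<'EOF'
log_file = /var/log/audit/audit.log
# tcp_listen_port = 60
EOF
cat > "$demo_dir/aggregator.conf" <<'EOF'
log_file = /var/log/audit/audit.log
TCP_Listen_Port = 60
EOF

for f in "$demo_dir"/*.conf; do
    if p=$(auditd_listener_port "$f"); then
        echo "$f: listener configured on TCP port $p"
    else
        echo "$f: tcp_listen_port undefined, listener not initialized"
    fi
done
```

A check like this only covers the runtime setting; a build made with --disable-listener has no listening code regardless of what the file says.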
Thread overview: 12+ messages
2012-08-01 7:00 [PATCH 0/5] Build time disabling of auditd network listener Tyler Hicks
2012-08-01 7:00 ` [PATCH 1/5] Move auditd listener reconfigure code into auditd-listen.c Tyler Hicks
2012-08-01 7:00 ` [PATCH 2/5] Store daemon config pointer in the periodic watcher's private data Tyler Hicks
2012-08-01 7:00 ` [PATCH 3/5] Move periodic watcher into auditd-listen.c Tyler Hicks
2012-08-01 7:00 ` [PATCH 4/5] Consolidate periodic handler code Tyler Hicks
2012-08-01 7:00 ` [PATCH 5/5] Conditionally build auditd network listener support Tyler Hicks
2012-09-10 18:39 ` [PATCH 0/5] Build time disabling of auditd network listener Tyler Hicks
2012-09-11 13:12 ` Steve Grubb
2012-09-11 17:10 ` Tyler Hicks
2012-10-26 17:09 ` Tyler Hicks
2012-10-26 17:14 ` Steve Grubb
2012-11-05 14:17 ` Steve Grubb [this message]