From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: Miloslav Trmac <mitr@redhat.com>
Subject: Re: [patch RFC]: userspace crypto auditing
Date: Thu, 5 Aug 2010 12:18:20 -0400
Message-ID: <201008051218.20389.sgrubb@redhat.com>
In-Reply-To: <1081006303.243841281016932165.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>

On Thursday, August 05, 2010 10:02:12 am Miloslav Trmac wrote:
> I'm posting these patches for early review; users of the code are not in
> the kernel yet.

Quick public comment (we chatted on IRC), there are already a number of user
space crypto events. I think what is in the logs here can be fit into the
existing categories and the user space ones can be replicated in the kernel.

-Steve

> Two new records are defined; in each case output of records is caused by a
> syscall, and all other syscall-related data (process identity, syscall
> result) is audited in the usual records.
>
> AUDIT_CRYPTO_STORAGE_KEY is used when a system-wide storage wrapping key is
> changed.
>
> AUDIT_CRYPTO_USERSPACE_OP is used when any user-space program performs a
> crypto operation. To disable auditing these records by default and to
> allow the users to selectively enable them using filters, a new filter
> field AUDIT_CRYPTO_OP is defined; auditing of all crypto operations can
> thus be enabled using (auditctl -a exit,always -F crypto_op!=0).
>
> Attached for review are:
> - A kernel patch
> - A userspace audit patch
> - A few example audit entries
>
> Mirek