From: John Dennis <jdennis@redhat.com>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: linux-audit@redhat.com, selinux <selinux@tycho.nsa.gov>
Subject: Re: [PATCH] database audit integration (Re: Some ideas in SE-PostgreSQL enhancement)
Date: Thu, 26 Mar 2009 17:45:08 -0400 [thread overview]
Message-ID: <49CBF764.5000505@redhat.com> (raw)
In-Reply-To: <49CB1C7A.2050206@ak.jp.nec.com>
KaiGai Kohei wrote:
> Hello,
>
> I'm a developer of SE-PostgreSQL which is an enhancement of
> database security using SELinux. It enables to apply the
> security policy of the operating system on accesses to
> database objects also.
> It makes an access control decision and audit messages, but
> these are not written out to system audit mechanism.
>
> I believe our preferable behavior is the system audit collects
> all the audit messages come from SELinux, not a logfile of
> PostgreSQL.
>
> Currently, the audit-libs has an interface to write a message
> come from userspace avc, but some of parameter is not suitable
> for the reference monitor in database management system.
>
In the past it has been stated the kernel audit system is not
appropriate for general application logging because the kernel audit
system is not easily extensible and is not the place to log general
application data. While it is true the kernel audit system does allow
for some user level application logging by design and intention it is
constrained to select events deemed worthy of exception.
There is a new project called IPA (Identity, Policy, Audit) under
development. IPA v1 has been released, but the initial v1 release
focused only on the "I" part of IPA. In v2 we plan on filling out the
"P" and "A" parts. One of the things we're introducing for the Audit
component is a library called ELAPI (Event Logging API) which allows
applications to generate logging event data which is recursively
structured with key/value pairs (which can also be reformatted into
traditional strings). The library is capable of "dispatching" the
structured events to a variety of destination "sinks" (i.e. syslog,
file, IPA central logging repository, etc.). The destination sink
processing is accomplished with loadable plugin's so it should be easy
to to support any destination you want once you start utilizing the
ELAPI to log information. We had been planning on adding the kernel
audit system as a possible destination sink until the philosophy in the
above paragraph was pointed out to us.
ELAPI can be installed independent of IPA. I just went looking for
external documentation on ELAPI but it appears as though the ELAPI
documentation is only on a non-public wiki at the moment. I will try to
get that issue fixed shortly. ELAPI is still in development, although I
would say it's reaching the point of an alpha release.
Thus you may want to consider ELAPI for logging Secure Postgresql
messages and we would be interested in having you as a third party
review and exercise the library.
--
John Dennis <jdennis@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
next prev parent reply other threads:[~2009-03-26 21:45 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-23 10:37 The status of SE-PostgreSQL KaiGai Kohei
2009-03-23 10:37 ` [refpolicy] " KaiGai Kohei
2009-03-23 14:56 ` Shaz
2009-03-23 14:57 ` Shaz
2009-03-23 15:19 ` Andy Warner
2009-03-24 2:14 ` KaiGai Kohei
2009-03-24 2:14 ` [refpolicy] " KaiGai Kohei
2009-03-25 6:54 ` Some ideas in SE-PostgreSQL enhancement (Re: The status of SE-PostgreSQL) KaiGai Kohei
2009-03-25 6:54 ` [refpolicy] " KaiGai Kohei
2009-03-25 7:45 ` Andy Warner
2009-03-25 8:20 ` KaiGai Kohei
2009-03-25 8:59 ` Andy Warner
2009-03-25 12:00 ` KaiGai Kohei
2009-03-25 17:02 ` Andy Warner
2009-03-26 0:13 ` KaiGai Kohei
2009-03-25 17:43 ` Joshua Brindle
2009-03-25 19:42 ` Andy Warner
2009-03-27 15:43 ` Joshua Brindle
2009-03-27 16:25 ` Andy Warner
2009-03-27 17:15 ` Joshua Brindle
2009-03-27 17:54 ` Andy Warner
2009-03-27 18:12 ` Joshua Brindle
2009-03-27 18:48 ` Andy Warner
2009-03-27 19:53 ` Joshua Brindle
2009-03-27 20:04 ` Andy Warner
2009-03-27 23:59 ` KaiGai Kohei
2009-03-28 7:17 ` Andy Warner
2009-03-30 0:56 ` KaiGai Kohei
2009-03-30 8:21 ` KaiGai Kohei
2009-03-30 9:58 ` Andy Warner
2009-03-30 13:22 ` KaiGai Kohei
2009-04-22 0:08 ` Eamon Walsh
2009-04-22 3:59 ` KaiGai Kohei
2009-05-01 4:54 ` Eamon Walsh
2009-05-07 1:34 ` KaiGai Kohei
2009-05-07 7:24 ` KaiGai Kohei
2009-03-30 9:49 ` Andy Warner
2009-03-26 5:50 ` [PATCH] Expose avc_netlink_loop() for applications (Re: Some ideas in SE-PostgreSQL enhancement) KaiGai Kohei
2009-03-26 23:28 ` Eamon Walsh
2009-03-26 23:41 ` Eamon Walsh
2009-03-27 0:35 ` KaiGai Kohei
2009-03-28 0:54 ` Eamon Walsh
2009-03-28 2:00 ` KaiGai Kohei
2009-03-30 4:56 ` KaiGai Kohei
2009-03-26 6:11 ` [PATCH] database audit integration " KaiGai Kohei
2009-03-26 6:11 ` KaiGai Kohei
2009-03-26 21:45 ` John Dennis [this message]
[not found] ` <49CB313B.7020507@redhat.com>
2009-03-27 2:34 ` KaiGai Kohei
2009-03-27 2:34 ` KaiGai Kohei
2009-03-26 8:29 ` [PATCH] Permissive domain in userspace " KaiGai Kohei
2009-03-28 2:41 ` Eamon Walsh
2009-03-30 2:55 ` KaiGai Kohei
2009-03-31 1:45 ` KaiGai Kohei
2009-03-31 16:46 ` Stephen Smalley
2009-04-01 1:07 ` [PATCH] Permissive domain in userspace object manager KaiGai Kohei
2009-04-01 1:41 ` KaiGai Kohei
2009-04-01 12:34 ` Stephen Smalley
2009-04-01 20:07 ` Eric Paris
2009-04-01 22:53 ` James Morris
2009-03-27 8:18 ` [PATCH] Policy rework for SE-PostgreSQL (Re: Some ideas in SE-PostgreSQL enhancement) KaiGai Kohei
2009-03-27 8:18 ` [refpolicy] " KaiGai Kohei
2009-03-27 9:44 ` Andy Warner
2009-03-27 11:20 ` KaiGai Kohei
2009-03-27 11:20 ` [refpolicy] " KaiGai Kohei
2009-03-27 11:45 ` Andy Warner
2009-03-27 11:45 ` [refpolicy] " Andy Warner
2009-03-27 12:17 ` KaiGai Kohei
2009-03-27 12:17 ` [refpolicy] " KaiGai Kohei
2009-04-01 7:26 ` Correct manner to handler undefined classes/permissions? " KaiGai Kohei
2009-04-01 12:45 ` Stephen Smalley
2009-04-02 0:28 ` KaiGai Kohei
2009-03-23 15:25 ` The status of SE-PostgreSQL Stephen Smalley
2009-03-23 15:25 ` [refpolicy] " Stephen Smalley
2009-03-24 1:13 ` KaiGai Kohei
2009-03-24 1:13 ` [refpolicy] " KaiGai Kohei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49CBF764.5000505@redhat.com \
--to=jdennis@redhat.com \
--cc=kaigai@ak.jp.nec.com \
--cc=linux-audit@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.