From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: [PATCH 0/5] Build time disabling of auditd network listener
Date: Mon, 05 Nov 2012 09:17:34 -0500
Message-ID: <1483820.RejpNgCZxJ@x2>
References: <1343804424-3172-1-git-send-email-tyhicks@canonical.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <1343804424-3172-1-git-send-email-tyhicks@canonical.com>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Tyler Hicks
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Wednesday, August 01, 2012 12:00:19 AM Tyler Hicks wrote:
> Hello Steve - This is a patch set that allows --disable-listener to be
> passed to the configure script to disable the auditd network listener code
> at build time. The reasoning is that a large number of users do not need
> centralized audit logging and removing the network listening code from a
> root-owned auditd process is appealing from a security perspective.
>
> The existing implementation clearly does not initialize the listener when
> tcp_listen_port is undefined in auditd.conf, but I still think there is
> value in not having the listening code present in all auditd installations.
>
> The first three patches in the set are refactoring patches to move nearly
> all of the listening code into auditd-listen.c in order to minimize the
> number of ifdefs that would need to be scattered throughout C source files.
> The fourth patch is an optional cleanup patch. The last patch introduces
> the --disable-listener option.
>
> The auditd listener code is still enabled by default so that existing distro
> packaging recipes will not need to be updated.

Applied.

-Steve
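The cover letter above distinguishes two ways the listener can be absent: at build time (the --disable-listener configure option the series adds, which removes the code entirely) and at run time (the existing behaviour of not starting the listener when tcp_listen_port is unset in auditd.conf). The run-time condition is the one an operator can check on an installed system from the config file alone. The script below is an added example, not code from this patch set or from the audit project; it assumes the auditd.conf syntax of one "key = value" per line with "#" comments, and the two sample configs it reads are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the audit project or this thread): decide from an
# auditd.conf whether the network listener would be configured at runtime,
# i.e. whether tcp_listen_port is set. Assumes the real auditd.conf syntax of
# one "key = value" per line with '#' comments. Sample configs are constructed.

# Print the value of the last uncommented tcp_listen_port line, or nothing.
# The regex requires the exact key followed by '=', so a commented-out line
# or a key such as tcp_listen_queue does not match.
listener_port() {
    sed -n 's/^[[:space:]]*tcp_listen_port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" | tail -n 1
}

# Return 0 when the config sets tcp_listen_port (listener would start), 1 otherwise.
listener_enabled() {
    [ -n "$(listener_port "$1")" ]
}

# Constructed sample: default-style config with the listener left off.
CONF_OFF=$(mktemp)
cat > "$CONF_OFF" <<'EOF'
log_file = /var/log/audit/audit.log
log_format = RAW
#tcp_listen_port = 60
tcp_listen_queue = 5
EOF

# Constructed sample: an aggregation host that enables the listener.
CONF_ON=$(mktemp)
cat > "$CONF_ON" <<'EOF'
log_file = /var/log/audit/audit.log
tcp_listen_port = 60
tcp_client_ports = 1024-65535
EOF
trap 'rm -f "$CONF_OFF" "$CONF_ON"' EXIT

# Human-readable summary for one config file.
report() {
    if listener_enabled "$1"; then
        echo "$1: listener enabled on port $(listener_port "$1")"
    else
        echo "$1: listener disabled (tcp_listen_port not set)"
    fi
}

report "$CONF_OFF"
report "$CONF_ON"
```

Run it against /etc/audit/auditd.conf on a real host to see which case applies; a build made with the --disable-listener option described above will not open a socket regardless of what the config says, which is the point of the series.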