From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: Linux audit newbie question (Sorry probably a little boring...)
Date: Mon, 8 May 2006 11:12:28 -0400
Message-ID: <200605081112.28425.sgrubb@redhat.com>
References: <027801c671e0$15e3a010$03022c0a@kearney>
	<200605081038.04062.sgrubb@redhat.com>
	<028601c671e5$00134470$03022c0a@kearney>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <028601c671e5$00134470$03022c0a@kearney>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Adrian Powell <awp@cray.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Sunday 07 May 2006 10:46, Adrian Powell wrote:
> =C2=A0 =C2=A0 =C2=A0 Thanks for the information. =C2=A0 If we were able=
 to go for a 2.6.14
> kernel at some point in the future, =C2=A0would you be fairly confident=
 that this
> syscall auditing code would be maintained in the forseeable future ?. =C2=
=A0

Yes, it is in the kernel that is distributed by kernel.org. So, it will b=
e=20
maintained. It is also a main ingrediant for anyone doing CAPP/LSPP=20
certification. All major distributions and their hardware partners have a=
=20
vested interest in doing this, so there should be people to maintain this=
 in=20
the future.

That said, I don't forsee a lot of maintenance once we are completely don=
e=20
with it. It is the kind of project that can come to an end and just have=20
someone watch for changes that may impact the audit system (new syscalls,=
=20
changed code paths, etc.)

> It appears that many of the earlier developers have now moved on to oth=
er
> things from what I can find. Who is regarded as the definitive develope=
r of
> this code these days ?.

I am for user space side, there is a bunch of people that have worked on =
the=20
kernel side of it. This mail list can be used for any questions or concer=
ns=20
about the native/upstreamed linux kernel audit system for either user spa=
ce=20
or kernel.

-Steve