From: Tyler Hicks
Subject: Re: [PATCH 0/5] Build time disabling of auditd network listener
Date: Mon, 10 Sep 2012 11:39:10 -0700
Message-ID: <20120910183910.GB3873@boyd>
In-Reply-To: <1343804424-3172-1-git-send-email-tyhicks@canonical.com>
To: Steve Grubb
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 2012-08-01 00:00:19, Tyler Hicks wrote:
> Hello Steve - This is a patch set that allows --disable-listener to be passed
> to the configure script to disable the auditd network listener code at build
> time. The reasoning is that a large number of users do not need centralized
> audit logging and removing the network listening code from a root-owned auditd
> process is appealing from a security perspective.
>
> The existing implementation clearly does not initialize the listener when
> tcp_listen_port is undefined in auditd.conf, but I still think there is value
> in not having the listening code present in all auditd installations.

Hi Steve - Do you have any thoughts on this idea?

Thanks!
Tyler

>
> The first three patches in the set are refactoring patches to move nearly all of
> the listening code into auditd-listen.c in order to minimize the number of
> ifdefs that would need to be scattered throughout C source files. The fourth
> patch is an optional cleanup patch. The last patch introduces the
> --disable-listener option.
>
> The auditd listener code is still enabled by default so that existing distro
> packaging recipes will not need to be updated.
>
> I look forward to your feedback. Thanks!
>
> Tyler
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
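The message above turns on one fact: auditd only brings up its network listener when tcp_listen_port is set in auditd.conf. The script below is an added example, not code from the patch set or from the audit project, that makes that check mechanical for a fleet: it parses an auditd.conf (assuming the "key = value" syntax with '#' comments), reports whether the listener would be started, and optionally confirms against live sockets with ss(8). The two sample config files are constructed for the demo; the live check needs ss and normally root to see the owning process name.

```shell
# Added example, not code from the patch set or from audit's own tooling.
# auditd starts its network listener only when tcp_listen_port is set in
# auditd.conf, so this script reports, from a config file, whether a given
# installation would listen. Assumes the "key = value" / '#'-comment syntax
# of auditd.conf; the sample configs below are constructed for the demo.

# Print the effective tcp_listen_port (last uncommented setting wins),
# or nothing if the option is absent or commented out.
auditd_listen_port() {
    sed -n \
      's/^[[:space:]]*tcp_listen_port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
      "$1" | tail -n 1
}

# Succeed (exit 0) if the listener would be started for this config.
auditd_listener_enabled() {
    [ -n "$(auditd_listen_port "$1")" ]
}

# One-line verdict for a config file.
auditd_listener_report() {
    if auditd_listener_enabled "$1"; then
        echo "$1: listener ENABLED on tcp port $(auditd_listen_port "$1")"
    else
        echo "$1: listener disabled (tcp_listen_port unset)"
    fi
}

# Optional live check: does a running auditd own a listening TCP socket?
# Needs ss(8) and usually root to see the process name; returns 2 when ss
# is missing so callers can tell "unknown" from "not listening".
auditd_listening_now() {
    command -v ss >/dev/null 2>&1 || return 2
    ss -H -ltnp 2>/dev/null | grep -q 'auditd'
}

# Constructed sample configs (not real hosts' files).
demo_dir=$(mktemp -d)
cat > "$demo_dir/default.conf" <<'EOF'
# constructed sample: stock-style config, listener left commented out
log_file = /var/log/audit/audit.log
#tcp_listen_port = 60
EOF
cat > "$demo_dir/aggregator.conf" <<'EOF'
# constructed sample: central log host with the listener turned on
log_file = /var/log/audit/audit.log
tcp_listen_port = 60
tcp_max_per_addr = 1
EOF

auditd_listener_report "$demo_dir/default.conf"
auditd_listener_report "$demo_dir/aggregator.conf"
```

Run it against /etc/audit/auditd.conf on each host to find installations that are listening without needing to; a binary built with the proposed --disable-listener would make the config check moot, which is the point of the patch set.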