* WASP for Linux 7?
@ 2014-12-29 21:35 Margaret M Sanders
2014-12-30 14:17 ` Paul Moore
2014-12-31 12:49 ` Pittigher, Raymond - Exelis
0 siblings, 2 replies; 3+ messages in thread
From: Margaret M Sanders @ 2014-12-29 21:35 UTC (permalink / raw)
To: Paul Moore, Toralf Förster; +Cc: linux-audit@redhat.com, linux Kernel
Expertise:
Is there a WASP for Linux 7? What is the accepted and accredited security scanning app for Linux 7--is it SECSCN?
Thank you,
MS
SwRI
ISSO/ATA
-----Original Message-----
From: linux-audit-bounces@redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Paul Moore
Sent: Monday, December 29, 2014 1:42 PM
To: Toralf Förster
Cc: linux-audit@redhat.com; linux Kernel
Subject: Re: v3.19-rc2: crashes during boot (syslog-ng, rpcbind ...)
On Monday, December 29, 2014 05:24:38 PM Toralf Förster wrote:
> On 12/29/2014 05:21 PM, Paul Moore wrote:
> > On Mon, Dec 29, 2014 at 11:07 AM, Toralf Förster wrote:
> >> A x86 KVM guest running at a 64 bit Gentoo hardened host system the
> >> following crashes appeared reproducible (screen shots attached.
> >>
> >> If I removed syslog-ng from the runlevel default, then the crash
> >> just appeared a little bit later at another subsystem>
> >
> > It looks like it doesn't like something in
> > audit_compare_dname_path(); I'll take a look and see what I can
> > find, there is a patch in -rc2 which touched some related code.
> >
> > I didn't see this problem in my earlier testing, can you share your
> > .config?
>
> ofc - attached
[NOTE: added linux-audit to the CC line, I should have done that earlier]
I believe I can reproduce this now; I'm seeing slightly different panics, but it is "close enough" and based on some quality time with the code I believe they are both symptoms of the same root cause.
To help verify that I'm heading down the right path, could you share your audit configuration as well? If that's not possible, can you at least confirm that you using a few audit directory watches?
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: WASP for Linux 7?
2014-12-29 21:35 WASP for Linux 7? Margaret M Sanders
@ 2014-12-30 14:17 ` Paul Moore
2014-12-31 12:49 ` Pittigher, Raymond - Exelis
1 sibling, 0 replies; 3+ messages in thread
From: Paul Moore @ 2014-12-30 14:17 UTC (permalink / raw)
To: Margaret M Sanders; +Cc: Toralf Förster, linux-audit@redhat.com
On Monday, December 29, 2014 09:35:23 PM Margaret M Sanders wrote:
> Expertise:
>
> Is there a WASP for Linux 7? What is the accepted and accredited security
> scanning app for Linux 7--is it SECSCN?
>
> Thank you,
>
> MS
> SwRI
> ISSO/ATA
[NOTE: I'm dropping linux-kernel from the To/CC line as this isn't really on
topic for that list (or the linux-audit list for that matter).]
By "Linux 7" I'm assuming you mean Red Hat Enterprise Linux v7, yes? If so, I
would suggest contacting your Red Hat support team for specifics about Red Hat
Linux products; these mailing lists generally are for the support and
development of the upstream Linux Kernel and not a particular Linux
distribution or product.
If you are having difficulty getting in touch with anyone at Red Hat you can
contact me off-list using my pmoore@redhat email address.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: WASP for Linux 7?
2014-12-29 21:35 WASP for Linux 7? Margaret M Sanders
2014-12-30 14:17 ` Paul Moore
@ 2014-12-31 12:49 ` Pittigher, Raymond - Exelis
1 sibling, 0 replies; 3+ messages in thread
From: Pittigher, Raymond - Exelis @ 2014-12-31 12:49 UTC (permalink / raw)
To: Margaret M Sanders, Paul Moore, Toralf Förster
Cc: linux-audit@redhat.com, linux Kernel
________________________________________
From: linux-audit-bounces@redhat.com [linux-audit-bounces@redhat.com] on behalf of Margaret M Sanders [msanders@swri.org]
Sent: Monday, December 29, 2014 4:35 PM
To: Paul Moore; Toralf Förster
Cc: linux-audit@redhat.com; linux Kernel
Subject: WASP for Linux 7?
Expertise:
Is there a WASP for Linux 7? What is the accepted and accredited security scanning app for Linux 7--is it SECSCN?
Thank you,
MS
SwRI
ISSO/ATA
-----Original Message-----
From: linux-audit-bounces@redhat.com [mailto:linux-audit-bounces@redhat.com] On Behalf Of Paul Moore
Sent: Monday, December 29, 2014 1:42 PM
To: Toralf Förster
Cc: linux-audit@redhat.com; linux Kernel
Subject: Re: v3.19-rc2: crashes during boot (syslog-ng, rpcbind ...)
On Monday, December 29, 2014 05:24:38 PM Toralf Förster wrote:
> On 12/29/2014 05:21 PM, Paul Moore wrote:
> > On Mon, Dec 29, 2014 at 11:07 AM, Toralf Förster wrote:
> >> A x86 KVM guest running at a 64 bit Gentoo hardened host system the
> >> following crashes appeared reproducible (screen shots attached.
> >>
> >> If I removed syslog-ng from the runlevel default, then the crash
> >> just appeared a little bit later at another subsystem>
> >
> > It looks like it doesn't like something in
> > audit_compare_dname_path(); I'll take a look and see what I can
> > find, there is a patch in -rc2 which touched some related code.
> >
> > I didn't see this problem in my earlier testing, can you share your
> > .config?
>
> ofc - attached
[NOTE: added linux-audit to the CC line, I should have done that earlier]
I believe I can reproduce this now; I'm seeing slightly different panics, but it is "close enough" and based on some quality time with the code I believe they are both symptoms of the same root cause.
To help verify that I'm heading down the right path, could you share your audit configuration as well? If that's not possible, can you at least confirm that you using a few audit directory watches?
--
paul moore
www.paul-moore.com
Try Using OpenSCAP. I do not think that RHEL7 has been approved yet and I do not see the rules on NIPR or SIPR.
________________________________
This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Exelis Inc. The recipient should check this e-mail and any attachments for the presence of viruses. Exelis Inc. accepts no liability for any damage caused by any virus transmitted by this e-mail.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-12-31 12:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-29 21:35 WASP for Linux 7? Margaret M Sanders
2014-12-30 14:17 ` Paul Moore
2014-12-31 12:49 ` Pittigher, Raymond - Exelis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox