messages from 2012-06-09 14:41:56 to 2012-10-02 00:17:13 UTC [more...]
[PATCH v7 00/49] audit/getname/estale patch series
2012-10-02 0:16 UTC (6+ messages)
` [PATCH v7 01/49] audit: remove unnecessary NULL ptr checks from do_path_lookup
` [PATCH v7 02/49] audit: pass in dentry to audit_copy_inode wherever possible
` [PATCH v7 03/49] audit: no need to walk list in audit_inode if name is NULL
` [PATCH v7 04/49] audit: reverse arguments to audit_inode_child
` [PATCH v7 05/49] audit: add a new "type" field to audit_names struct
'Nested rule' error message when getting auditd set up on my server
2012-09-29 22:49 UTC
[PATCH] audit: grab a reference to context->pwd when it's cached
2012-09-26 18:20 UTC (7+ messages)
Capturing USB insertions and removal events with auditd
2012-09-21 15:22 UTC (2+ messages)
[PATCH v2 00/10] vfs: getname/putname overhaul
2012-09-20 18:38 UTC (16+ messages)
` [PATCH v2 01/10] vfs: allocate page instead of names_cache buffer in mount_block_root
` [PATCH v2 02/10] vfs: make dir_name arg to do_mount a const char *
` [PATCH v2 03/10] acct: constify the name arg to acct_on
` [PATCH v2 04/10] vfs: define getname_info struct and have getname() return it
` [PATCH v2 05/10] audit: allow audit code to satisfy getname requests from its names_list
` [PATCH v2 06/10] vfs: turn do_path_lookup into wrapper around getname_info variant
` [PATCH v2 07/10] vfs: make path_openat take a getname_info pointer
` [PATCH v2 08/10] audit: make audit_inode take getname_info
` [PATCH v2 09/10] vfs: embed getname_info inside of names_cache allocation if possible
` [PATCH v2 10/10] vfs: unexport getname and putname symbols
Excluding events by command
2012-09-18 18:40 UTC (7+ messages)
[PATCH 0/5] Build time disabling of auditd network listener
2012-09-11 17:10 UTC (9+ messages)
` [PATCH 1/5] Move auditd listener reconfigure code into auditd-listen.c
` [PATCH 2/5] Store daemon config pointer in the periodic watcher's private data
` [PATCH 3/5] Move periodic watcher into auditd-listen.c
` [PATCH 4/5] Consolidate periodic handler code
` [PATCH 5/5] Conditionally build auditd network listener support
[PATCH v1 00/10] vfs: getname/putname overhaul
2012-09-08 15:38 UTC (16+ messages)
` [PATCH v1 01/10] vfs: allocate page instead of names_cache buffer in mount_block_root
` [PATCH v1 02/10] vfs: make dir_name arg to do_mount a const char *
` [PATCH v1 03/10] acct: constify the name arg to acct_on
` [PATCH v1 04/10] vfs: define getname_info struct and have getname() return it
` [PATCH v1 05/10] audit: allow audit code to satisfy getname requests from its names_list
` [PATCH v1 06/10] vfs: turn do_path_lookup into wrapper around getname_info variant
` [PATCH v1 07/10] vfs: make path_openat take a getname_info pointer
` [PATCH v1 08/10] audit: make audit_inode take getname_info
` [PATCH v1 09/10] vfs: embed getname_info inside of names_cache allocation if possible
` [PATCH v1 10/10] vfs: unexport getname and putname symbols
[PATCH v6 00/10] audit: overhaul audit_names handling to allow for retrying on path-based syscalls
2012-09-07 11:23 UTC (11+ messages)
` [PATCH v6 01/10] audit: remove unnecessary NULL ptr checks from do_path_lookup
` [PATCH v6 02/10] audit: pass in dentry to audit_copy_inode wherever possible
` [PATCH v6 03/10] audit: no need to walk list in audit_inode if name is NULL
` [PATCH v6 04/10] audit: reverse arguments to audit_inode_child
` [PATCH v6 05/10] audit: add a new "type" field to audit_names struct
` [PATCH v6 06/10] audit: set the name_len in audit_inode for parent lookups
` [PATCH v6 07/10] audit: remove dirlen argument to audit_compare_dname_path
` [PATCH v6 08/10] audit: make audit_compare_dname_path use parent_len helper
` [PATCH v6 09/10] audit: optimize audit_compare_dname_path
` [PATCH v6 10/10] audit: overhaul __audit_inode_child to accomodate retrying
[PATCH] audit: audit on the future execution of a binary
2012-09-06 21:34 UTC (2+ messages)
max number of rules?
2012-08-27 18:45 UTC (2+ messages)
[PATCH] auditctl Running In QEMU
2012-08-27 18:24 UTC (3+ messages)
[PATCH] Audit Compilation on QEMU/Debian Squeeze
2012-08-27 14:30 UTC (3+ messages)
auparse delayed event emittance
2012-08-27 13:07 UTC (2+ messages)
[PATCH] Support for auditing on the actions of a not-yet-executed process
2012-08-27 12:54 UTC (2+ messages)
AUTO: Gavin Appleton is out of the office. (returning 23/08/2012)
2012-08-21 17:07 UTC
GPL-less alternatives to the Audit Userland
2012-08-20 23:06 UTC (3+ messages)
cross-compiling difficulty with on-the-fly gen/build/use paradigm
2012-08-20 16:47 UTC (3+ messages)
AUTO: Gavin Appleton is out of the office. (returning 20/08/2012)
2012-08-18 17:04 UTC
aureport and command lines
2012-08-18 13:19 UTC (2+ messages)
Advice on enriching logs with user and group names before moving them to a central log repository
2012-08-18 13:17 UTC (9+ messages)
100% reliable Oops
2012-08-14 1:04 UTC
missing user name
2012-08-03 19:14 UTC (6+ messages)
AUTO: Gavin Appleton is out of the office. (returning 01/08/2012)
2012-07-31 17:03 UTC
mode = forward
2012-07-30 18:50 UTC (6+ messages)
[PATCH] audit: missing variable declaration/initialization when AUDIT_DEBUG == 2
2012-07-26 15:09 UTC (4+ messages)
[PATCH v5 0/9] audit: overhaul audit_names handling to allow for retrying on path-based syscalls
2012-07-26 11:21 UTC (10+ messages)
` [PATCH v5 1/9] audit: remove unnecessary NULL ptr checks from do_path_lookup
` [PATCH v5 2/9] audit: pass in dentry to audit_copy_inode wherever possible
` [PATCH v5 3/9] audit: reverse arguments to audit_inode_child
` [PATCH v5 4/9] audit: add a new "type" field to audit_names struct
` [PATCH v5 5/9] audit: set the name_len in audit_inode for parent lookups
` [PATCH v5 6/9] audit: remove dirlen argument to audit_compare_dname_path
` [PATCH v5 7/9] audit: make audit_compare_dname_path use parent_len helper
` [PATCH v5 8/9] audit: optimize audit_compare_dname_path
` [PATCH v5 9/9] audit: overhaul __audit_inode_child to accomodate retrying
multiline entries in audit.rules
2012-07-25 21:31 UTC
audit more syscalls during boot before auditd starts?
2012-07-23 14:42 UTC (3+ messages)
Sucess or failure?
2012-07-22 17:44 UTC (6+ messages)
issues building/running with kernel/audit.h AUDIT_DEBUG = 2
2012-07-18 20:41 UTC
PCI-DSS: Log every root actions/keystrokes but avoid passwords
2012-07-16 13:20 UTC (10+ messages)
` EXT :Re: "
Issues with auditd kernel panic and nfs mounts
2012-07-13 17:58 UTC (4+ messages)
` EXTERNAL: "
retrieve EIP/RIP for syscall in audit
2012-07-13 17:39 UTC (4+ messages)
Output of aureport in columns
2012-07-13 17:19 UTC (5+ messages)
How to capture mount event in /var/log/audit/audit.log
2012-07-09 21:57 UTC (4+ messages)
capture mount event in /var/log/audit/audit.log
2012-07-07 22:18 UTC (2+ messages)
-F dir=/nfs/path ?
2012-07-06 23:58 UTC (4+ messages)
AUTO: Gavin Appleton is out of the office. (returning 09/07/2012)
2012-07-04 17:06 UTC
auditing syscalls made 'by' an inode?
2012-07-03 22:02 UTC (4+ messages)
AUTO: Gavin Appleton is out of the office. (returning 29/06/2012)
2012-06-28 17:04 UTC
[PATCH v4 0/9] audit: overhaul audit_names handling to allow for retrying on path-based syscalls
2012-06-26 16:35 UTC (10+ messages)
` [PATCH v4 1/9] audit: remove unnecessary NULL ptr checks from do_path_lookup
` [PATCH v4 2/9] audit: pass in dentry to audit_copy_inode wherever possible
` [PATCH v4 3/9] audit: reverse arguments to audit_inode_child
` [PATCH v4 4/9] audit: add a new "type" field to audit_names struct
` [PATCH v4 5/9] audit: set the name_len in audit_inode for parent lookups
` [PATCH v4 6/9] audit: remove dirlen argument to audit_compare_dname_path
` [PATCH v4 7/9] audit: make audit_compare_dname_path use parent_len helper
` [PATCH v4 8/9] audit: optimize audit_compare_dname_path
` [PATCH v4 9/9] audit: overhaul __audit_inode_child to accomodate retrying
event for exited process
2012-06-26 15:46 UTC (2+ messages)
Linux Audit Framework question
2012-06-25 12:01 UTC (2+ messages)
List of search fields?
2012-06-11 18:22 UTC (2+ messages)
Near Term Audit Road Map
2009-03-24 16:41 UTC (4+ messages)
` audisp-remote and audisp-prelude question
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox