* Audit plug-ins development
@ 2007-08-07 14:10 Klaus Heinrich Kiwi
2007-08-07 21:28 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Klaus Heinrich Kiwi @ 2007-08-07 14:10 UTC (permalink / raw)
To: linux-audit
Steve,
I'm interested in developing an audit plug-in to forward events to z/OS
RACF (sort of a centralized AAA facility for IBM System Z systems).
I know that the [new] audit dispatcher and the whole audit infrastructure
isn't quite ready yet, but I'd like to start advancing things on my side.
What is your general idea for audit plug-ins deployment? Would we be able to
contribute the plug-ins to the audit userspace so that they can be
available in the audit source package, and then maybe in a separate binary
package upon building? Can you give us some hints about how you would want
these code contributions and how you would want these blended in the audit
tree?
Thanks,
Klaus K.
--
.:klaus h kiwi <klausk@br.ibm.com>:.
* Re: Audit plug-ins development
2007-08-07 14:10 Audit plug-ins development Klaus Heinrich Kiwi
@ 2007-08-07 21:28 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2007-08-07 21:28 UTC (permalink / raw)
To: linux-audit; +Cc: Klaus Heinrich Kiwi
On Tuesday 07 August 2007 10:10:07 am Klaus Heinrich Kiwi wrote:
> I'm interested in developing an audit plug-in to forward events to z/OS
> RACF (sort of a centralized AAA facility for IBM System Z systems).
Nice.
> What is your general idea for audit plug-ins deployment?
You would drop a config file into /etc/audisp/plugins.d and it contains the
information to tell the dispatcher what to do. I think there are a couple in
audit-1.5.7/new_audispd/configs to look at for an example.
> Would we be able to contribute the plug-ins to the audit userspace so that
> they can be available in the audit source package, and then maybe in a
> separate binary package upon building?
That sounds good unless...
> Can you give us some hints about how you would want these code contributions
> and how you would want these blended in the audit tree?
I'm wanting to keep the audit code GPLv2+ and the libraries LGPLv2+ so that if
there is any compelling reason to change licenses, the project can do
that. But I don't have any immediate plans to change to v3 right now.
I would like to just create a plugins directory under audit-1.5.7/new_audispd
and then each plugin under that. I'm looking to move the project to Fedora's
cvs facilities sometime soon. So, maybe the 1.5.8 release I could merge any
plugins? I also need to do a quick write-up for what is expected of a plugin
before I start accepting them.
-Steve